« Back to Resources & Advice

How to Spot Phishing Scams


You’ve probably encountered at least one phishing scam in this technology-forward world. Phishing scams are fraudulent messages disguised as legitimate requests for personal information from trusted sources such as the IRS, a major consumer brand, a financial institution, your boss, or a loan provider.

Protect your personal information and your money. Here are a few ways to spot and deal with phishing scams by email, phone calls, or text messages.

It's All About Your Personal Information
Fraudulent messages aim to get your personal information so the scammer can steal something from you.

Most phishing attempts follow this basic format: something has happened to your account, and the sender needs your personal information to rectify the problem. The message may include a link or even a faulty document to review and sign.

Here are some common reasons scammers give for contacting you:

  • There’s been suspicious activity on your account, and you need to reset your password.
  • Your account or financial institution card is frozen, and you must sign in to reactivate it.
  • You received a large deposit or withdrawal to your account and need to sign for it electronically.

Scammers may also offer extraordinary deals related to your finances in these messages, such as:

  • A new loan with a lower interest rate and no background check
  • Free money in the form of gift cards or cashier’s checks
  • A means of clearing all of your credit card debt
Keesler Federal Credit Union and other financial institutions never request personal information via text, unsolicited phone calls, or email. If you’re receiving a message prompting you for your personal information, then it’s probably a scam.


Spot the Errors
Scammers often send one or two messages to thousands of people, hoping to get a bite. To get through all those spam filters, they have to change the message just a tad, which includes minor typos or grammatical errors. Here are two examples of phishing text messages.

You’ll notice “online” is spelled with a -0- instead of an -o- in the first message.

Scam Text 2

In this second message, there are no periods.

Scam Text 1

Examine the Link and Sender Address
You can often spot a phishing message by looking at the sender’s address or the link they’ve provided. A typical email sender address may be something like [email protected] or [email protected]. If it’s a text message, the number will usually be a short-hand number—four or five digits long—or a much longer number—up to 12 digits long. If the text comes from a typical 10-digit phone number that looks like 1-(xxx) xxx-xxxx, it could be a scam.

You can also look at the link the sender has provided for clues. If your financial institution’s URL is yourfinancialinstitution.com/login and the sender has provided yourfinancialinstitution.anotherwebsite.com/dothething, then you’ll know that the link isn’t safe to use.

How to Handle a Phishing Message
So, what should you do if you receive a suspicious-looking message about your account?

Verify the Issue with Your Financial Institution

If the message tells you there’s a problem with your account, debit or credit card, or something similar, the best thing to do is verify the issue with the financial institution. Don’t use the link provided in the text message to do this—it may be a look-a-like site designed to collect your information or spread malware. Instead, call your financial institution using the phone number on the back of your debit or credit card, inside your online banking app, or on your bank statement or a paper check. Even better, visit a branch and speak with someone in person.

If someone has called you claiming to be the financial institution and asks for your personal information, hang up the phone and call using the phone number you know. Remember, your financial institution will not request personal information from you via unsolicited phone calls.

Report the Message
Some credit unions and banks have specific instructions for dealing with various phishing attempts. Ask a financial institution rep or search “report fraud” on their website for more information.

Delete the Message
Once you’ve spoken with someone at your financial institution and followed their procedure for dealing with phishing messages, block the phone number or email sender and delete the message.

Keesler Federal Credit Union is well aware of the dangers of phishing scams. Members and non-members can be targets for phishing scams attempting to gain access to funds, steal an identity, or sell personal information to other nefarious characters.

We’re here to help keep you and your information safe. Remember, Keesler Federal Credit Union will never ask for personal information via text, unsolicited phone calls, or email. They will never text you a link to access your online banking account. Reach out to your financial institution if you have any questions or concerns about your account or messages you have received. You can get more information on how to keep your information safe online and on-the-go right here: https://www.kfcu.org/services/fraud-security/


Tell us about yourself