Phishing & Vishing Attacks
What is Phishing?Phishing are fraudulent electronic communications (emails, text messages, or instant messages) that appear to come from legitimate businesses to entice you to provide personal information. The fraudster then uses your information to commit identity theft or lure you to further engage in scams. The emails often look like they are coming from a company you know or trust, such as your bank, your insurance company, your Internet provider. However, upon closer inspection, the emails frequently contain typos or minor changes in the sender’s email address. They might also contain attachments that, when opened, install malware (malicious software) on your computer. Malware may be used to steal more personal information. For example, some forms of malware, such as spyware, may track without you knowing the keys that you type and steal your passcodes.
Additionally, phishing emails often contain links to fake websites intended to look like the legitimate companies you do business with, like your bank or brokerage firm. Just as with the malicious attachments,these look-alike websites may also install malware on your computer or steal your password information. Remember, never reply to or click on a link in an unsolicited email asking for personal information, such as your credit card, bank account information, or Social Security number.
Avoid opening or clicking on emails, attachments or links that are requesting information. When in doubt, delete the message and call the organization the email supposedly came from to alert them.
For some general tips that may help you spot phishing emails, please click here. For more information on spyware, a type of malware, please click here.
What Is Vishing?Unlike email phishing attacks (where the goal is to get you to point your web browser to a fraudulent site by clicking on a bad link), vishing (or voice phishing) is a technique of social engineering that employs a combination of text messages, phone recordings, and email to persuade customers to dial a telephone number or respond to a telephone call for the ultimate purpose of obtaining financial gain.
Fraudsters tell customers to contact their bank at a fraudulent telephone number, which is provided in an email, a text message, or by a recording using Voice over Internet Protocol (VoIP) technology. During the call, targets are asked to provide their card number and other personal or banking account information.
Since fraudsters constantly vary their scams, it is important to beware of text messages, emails, and telephone calls or recordings requesting confidential data.
Union Bank does not request personal account information by text message, email, or automated phone call. Do not respond to any unsolicited texts, emails, pop-ups, or links that ask for personal information of any kind.