May 5th, 2014

Security Series: Email Safety


In light of recent security vulnerabilities, such as Heartbleed and the Internet Explorer bug, and the scammers directly targeting credit union members, now is a great time to brush up on email dos and don’ts for maximum security and online safety.

Don’t include sensitive information.

Whether you’re emailing SMCU, your favorite online retailer, or a friend or family member, it’s important to never include sensitive information. This includes but is not limited to your account number, Social Security Number, credit card number, or any other information that you wouldn’t want scammers to get their hands on. If you’re attaching documents that contain sensitive information, be sure to password protect them and send the password to the recipient in a separate email or through another means of communication.

Do know the warning signs of a phishing email.

Phishing, one of the most common scamming techniques, takes place when people pretend to be from well-known companies, organizations, or government agencies and trick you into giving them personal information. Scammers frequently carry out phishing attacks through email.

Phishing emails often include misspelled words and grammatical errors, or they may be from a company you aren’t a customer of. Scammers will often try to scare you into giving them your information. In the recent attack on SMCU members, scammers claimed that members’ debit cards were deactivated and that if they wanted to reactive, they had to reply with their PINs. Scammers will sometimes go to great lengths to gain your trust by having seemingly innocent email exchanges with you first, and following up with the scare tactic several weeks later. You can view common examples of phishing emails here.

Don’t respond to scam emails.

When you respond to scam emails, scammers take this as a verification that your email address is a valid one, leading to an increase in emails sent to you.

Do report suspicious emails to the company the scammer is pretending to work for.

If you believe an email is not legitimate, let the company know. You can forward suspicious emails claiming to be from SMCU to, and we’ll let you know if it is in fact from us. If it’s a scam, we can take action immediately by alerting all members and freezing affected accounts.

Don’t click on links or attachments within spam emails or emails you are unsure about.

Clicking links or attachments included in scam emails could start a download of a virus or malicious software onto your computer or mobile device. Even if the link says it goes somewhere harmless, like your favorite online retailer, it could link somewhere else entirely. To check where a link actually directs, hover over it with your mouse, or simply retype the URL for the website you want to visit into your browser.

Do beware of phishing texts and phone calls called smishing and vishing.

Phishing attacks can also take place via phone call, text message, and even in person. One common sign of a smishing attack is the text will come from a “5000” number instead of displaying an actual phone number. This indicates that the message was sent to your phone via email. With vishing attacks, the phone number often has an automated voice response system.

It’s important to remember that SMCU will never contact you to ask you for personal information, such as your account number. If you receive a phone call from SMCU or another company asking you for sensitive information, hang up and call the company at the customer support number listed on their website, so you can be sure of who you’re speaking with. SMCU’s Contact Center can be reached at 206-398-5500 or toll free at 800-334-2489.

You might also like…
What is Phishing and How Can You Avoid It?
Securing Your Digital Life: Password Security
Securing Your Digital Life: Personal Identifying Information

Comments are closed.