Top 5 Phishing Scams to Avoid

April 16, 2021

You may be familiar with the term "phishing" and many people are vigilant at avoiding unfamiliar messages. However, cybercriminals are using more sophisticated strategies to get account information. Krebs on Security recently published an article about a security professional who was very aware of what phishing entailed, yet was a victim of banking fraud.

Below are the top five phishing scams to avoid and how to be vigilant against them.

Phone Call Phishing

Warning Signs:

1. Also known as social engineering, you may receive an "urgent" phone call from “your credit card company” or “financial institution”, typically from someone who works in the “Security and Fraud Department”

2. You are told your card has been flagged for suspicious transactions. The caller may ask you to prove that you have the card in your possession.

3. You are asked to provide: (1) the three-digit security code (CVV) on the back of your credit or debit card, (2) a one-time passcode that was just sent to you, or (3) your PIN. 

Solution: If this happens to you, do not respond. Immediately hang up and call your bank or credit union directly to report the incident.

NASA Federal members can set up a Phone PIN to add an extra layer of security, which authenticates you when you call us or when accessing Contact-24 Telephone Banking. 

Email Phishing

Warning Signs:

1. Spelling and grammar errors in the subject line or body of the email.

2. Deadlines and/or threats to suspend your account or suspicious requests for personal information.

3. An email address or website that does not match your bank or credit union. 

4. A generic name for you such as "Dear Sir or Madam" or "Dear Customer." 

Solution: If you get an email from a bank or credit union that seems “urgent” and asks you to click a link or provide information, don’t do it! Go to your bank or credit union’s website directly to sign into your account. Report the email to your financial institution.

Text Message Phishing

Warning Signs:

1. You receive a text from an unknown contact that contains a link.

2. The text may sound urgent or important and asks you to use the link to log into your account, to verify a transaction, to enter your PIN or provide your three-digit CVV code.

3. The text may or may not contain the name of your bank or credit union

Solution: These texts are used to retrieve your personal account information. If you receive one, do not click on the links and call your bank or credit union to report the incident.

NASA Federal members can sign up for card fraud alerts in both eBranch and on our Mobile Banking app. This service sends a text message, without any links, when suspicious activity is occurring on your credit or debit card. You may also add eAlerts to your account so you receive a text message or email when certain transactions occur such as purchases, balance limits and much more.

Website Phishing

Warning Signs:

1. Website looks slightly off or the website address isn't correct.

2. A strange pop-up notification asks for your account information

3. Links in the website do not match your bank's name.

You may have been led to a fake website from a scammer’s email or text message or by accidentally mistyping a bank's website. Cybercriminals are waiting for victims to type important login information so it can be used to steal funds from the account.

Solution: When in doubt, close the page and go directly to your bank or credit union’s website to log into your account.

NASA Federal members can sign up for eBranch notifications so you receive a message to let you know when someone has logged into your account. 

Social Media Phishing

Warning Signs:

1. A friend request from someone you don't know

2. A message or post asking you to click a link that requests your personal information

Fraudsters can create fake accounts that look like a friends’ account but may request information to get access to your secure information.

Solution: If you receive a friend request from someone that you are already friends with or do not know the person, do not accept the request. Report suspicious messages to your financial institution.

When in doubt, hang up the phone, ignore the email or text message and call your credit union or bank directly.

For more information about card fraud alerts, Phone PINs, eAlerts, eBranch notifications and more ways to keep your account safe, visit