Fraudulent emails known as phishing scams pose as your financial institution or other trusted business in order to obtain your personal and financial information. Phishing is a particularly devious scam because it attempts to exploit the relationship of trust that you have with those businesses.
How did the phisher get my email address?
The email addresses used could have been gathered from publicly available places such as the MSU faculty/staff and student directories. Also, not all the individuals that receive the email will be our members. The individuals behind the Phishing incident are just hoping to find a match of our members in the email database that they have created.
The best way to fight phishing is to stay informed. Help protect yourself from online fraud. Learn how to spot and report fraudulent emails, how to recognize a secure website, and what to do if you are a victim of fraud.
If you have received a fraudulent email, report it immediately to the financial institution or business that it appears to originate from to verify that the email you received is fraudulent.
- Do not provide any of your personal or financial information. Thieves will not be able to compromise your account if you do not provide the requested information.
- Contact the financial institution or business that the email appears to be from using a phone number or secure email that you know is valid.
- Please forward any suspicious emails that appear to be from MSUFCU to firstname.lastname@example.org. MSUFCU will determine if the email is fraudulent and contact you with further information regarding the possible scam.
Look for the following signs to detect a fraudulent email:
- An urgent or threatening tone in the language of the email, may contain threats to close or freeze your account if you do not comply with the email's requests.
- Unusual wordings or misspellings.
- Requests for personal information such as account numbers, card numbers, user names, and passwords. MSUFCU will never request personal or financial information via email.
- False links to non-secure websites.