advice hub

How to Spot a Scam

What to Look Out For

Phishing. Smishing. Vishing.

Are you familiar with all of these phrases? While they sound like something out of a children’s book, they are actually malicious types of scams that criminals use to try and steal your identity or attack your computer with viruses and malware.

Staying informed and trusting your instincts if something seems suspicious go a long way in protecting yourself from falling victim to one of these scams.


According to, phishing scams continue to be popular with cybercriminals. Phishing refers to the process where a scammer poses as a legitimate institution via email or telephone to lure individuals into providing sensitive information such as bank account or credit card details and passwords. The personal information is then used to access the individual’s account and can result in identity theft and financial loss.

Microsoft’s Security Center offers some valuable tips on how to spot a suspicious email and even provides a few visual examples.

Check out their tips below:

Spelling and bad grammar.

Cybercriminals are not known for their attention to grammar and spelling. Professional companies or organizations usually have a staff of copy editors that will not allow a mass email riddled with mistakes to go out to its users. If you notice spelling and grammar mistakes in an email, it might be a scam.

Beware of links in email.

If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. With a scam, the name of the link you are being asked to click will not match the web address where you will be directed. Links might also lead you to .exe files. These kinds of file are known to spread malicious software.


Have you ever received a threat that your account would be closed if you didn’t respond to an email message? Cybercriminals often use threats that your security has been compromised in order to gain access to your account information.

Spoofing popular websites or companies.

Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.

Phone and Text

So, if phishing scams try to get you to reveal important personal information by posing as a company or organization you trust via email, what is smishing and vishing?

Let’s say you receive a text message or an automated phone call on your cell phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information—like an account number, PIN, or credit card number—to fix the problem.

Beware: It could be a “smishing” or “vishing” scam, and criminals on the other end of the phone or website could be attempting to collect your personal information in order to help themselves to your money. “Smishing” is a combination of SMS texting and phishing and “Vishing” is a combination of voice and phishing. While most cyber scams target your computer, smishing and vishing scams target your mobile phone (or land-line phones), and are becoming a growing threat as more Americans use mobile and smartphones on a daily basis.

These scams are a reminder that cybercrimes aren’t just for computers anymore.

How United Would Contact

One of the most popular, and profitable, areas of your life scammers like to target is your bank account. That’s why it’s important to know what your financial institution requires when they contact you.

If Members receive a call from United Federal Credit Union, they will never be asked to give their complete social security number. And when United originates the call, we will never ask for your account information. Instead, a Member’s identity is confirmed based on brief questions that are not related to their account. If you are still unsure about the caller on the other end of the phone or uncomfortable speaking with them, United’s Member Service Center encourages Members to simply call back at our toll-free number. This way, the Member is certain they are communicating with an official United representative. The same idea can be applied before responding to a suspicious email. Call United first and double check to see if the message was actually sent by us.

In any situation, if a call or email seems pushy and asks for an immediate response or something bad will happen, it is likely a scam – or really poor customer service.

Bottom Line

If you believe you have been targeted by a scammer, you can fight back. recommends reporting your concerns to an organization that will investigate further.

There are several such places on the Internet.

  1. One is the U.S. government-operated website CISA.GOV. It provides information on where to send a copy of the email or the URL to the website so that they may be examined by experts. It also includes links with details on phishing scams and how to recognize them and protect yourself.
  2. Another website to report cyberspace scams is located at:

By reporting any suspicious contact to the proper organizations, you may have a part in helping to cut down on such unlawful activities in the future.