Phishing is a type of fraud that uses email and texts to direct you to fraudulent (but very official-looking) websites. The email tries to convince you to click a link to the site and enter your confidential information, which will then be used for criminal purposes.
Phishing attack methods are constantly evolving. Instead of email, newer variations may use automated or live phone calls or even text messages to your cell phone to reach you, and might direct you to call an electronic phone system to gather the data.
Alaska USA will never call, email, or text its members to request confidential information.
Recognize phishing messages
Phishing messages try to induce you into revealing your account information in many different ways, including:
- Threatening to restrict or block access to your account if you do not verify certain facts or "renew" your account.
- Offering to deposit money into your account upon completing a survey.
- Advertising promotions or contests which require you to "register" your account information in order to enter.
- Warning of suspicious activity on your account and asking for confirmation.
- Asking you to update your information to provide enhanced security.
Common signs of phishing messages
There are usually a number of visual clues you can use to further identify a fraudulent email message.
- Look for misspellings and other typographical anomalies - although this clue is less common now that crooks have gotten more sophisticated.
- Before you log in to any secure site, check to make sure the lock or key icon is displayed in your browser. These symbols indicate that the page you are using will encrypt data sent from your computer. Most spoofed websites are located on servers that do not display this icon (although some are now getting tricky and hoping to fool you by incorporating the lock or key imagery into the web page itself).
- Confirm the web address (URL) in the location bar of your browser before entering confidential information. It should begin with "https."
Phishing scam examples
Fraudulent email messages take many forms. The content of the messages varies, but typically includes a link to a website asking for confidential information. Some versions include a phone number to call that connects the member to a voice mail system to gather the data.
Text message scam
Cell phone users may receive unsolicited text messages claiming their account has been suspended. They are directed to call a number provided in the message where confidential information will be collected for fraudulent purposes. Unsolicited text messages should be immediately deleted without responding.
Malware & Trojan horses
In this phishing variant, a malicious program is hidden in an innocent-seeming message. A program hidden like this is called malware, more commonly referred to as a “Trojan horse.”
In one example, executives and managers are targeted by an email claiming to be from the Better Business Bureau (BBB). The email poses as a complaint notice filed against the company. When the link is clicked to see “complaint details,” a program is downloaded that attempts to steal information from their computer.
In another example, executives and managers are sent an email with a file labeled “invoice” or “fax.” Once opened, the file downloads malware that lays dormant within the computer until a targeted banking website is visited. When a user logs into the website, the malware sends the login credentials to the thieves. The malware may also display an error message, prompting the user to contact a phone number controlled by the fraudsters. The caller is then informed that the issue will be resolved within a certain amount of time, during which the thieves will log into the account and initiate wire transfers while the user waits for the allotted time to pass.
What to do if you receive a suspicious message
Don't click that link! If you do not respond to a phishing email, you won't compromise your confidential information. Instead, forward the message to . Alaska USA will never request confidential or account information by email or phone unless the transaction is member initiated.
Additional steps to protect yourself:
- Never click on a link or attachment in a message from an unverified source.
- Confirm the phone number. Do not rely on any phone numbers in the message itself.
- Be skeptical of any unexpected email message that encourages you to take quick action. Phishing messages often encourage urgent action, either to avoid some inconvenience or negative consequence, or to gain something with a limited time offer.
- Enable junk email filters.
- Use a current web browser, and keep your computer and browser up-to-date with the latest security patches.
- Keep anti-virus and anti-spyware tools up to date.
- If your operating system includes firewall software, make sure it is active. Consider an inexpensive firewall device, especially if your computer is always connected to the Internet, as is the case with most cable, DSL, or other broadband connections.
- If you receive phishing messages, file a complaint at www.ic3.gov.
What to do if you've submitted confidential information in response to a fraudulent message
Call the Member Service Center right away to speak with a member service representative about the kind of information that was revealed.
Remember: Alaska USA will never call or email its members to request confidential information.