Tips for Spotting Fraudulent ("Phishing") Email and Text Messages

"Phishing" messages are email or text messages designed to convince the recipient to share his or her personal information with an Internet-based criminal.

Usually, a phishing message will pretend to be from the recipient's bank or credit union. The message will often tell the recipient that his or her account has been compromised or suspended, and that he or she needs to "take immediate action" to resolve the problem. Or the message may tell the recipient that he or she needs to "confirm" his/her account "due to security concerns."

In most cases, the message then provides a link to a website. The message claims that by clicking the link, the user will be able to resolve the issue with his/her account. The linked website may look like it is legitimately part of the credit union/bank's website, and often even contains the credit union or bank logo. In reality, it is a "spoofed" website set up by the criminals to trick the victim. Once the victim has entered his/her personal information, the criminals have that information and can commit fraud with it.

There is also another type of phishing message, where the website link will take the recipient to the credit union/bank's true website. But before it goes there, it passes through another website that will download and install malicious software (i.e., a virus) onto the victim's computer or mobile device. This malicious software can seriously damage the victim's computer or device. Even worse, it may give the criminals access to any sensitive personal information that the victim ever has entered or will enter on his/her computer or device--including account, credit card, and Social Security numbers.

To a victim, a phishing message often looks completely legit. However, many phishing messages have certain characteristics that can tip off a trained eye that the message is a scam. 

Please note: This article is designed to help you become familiar with common characteristics of phishing messages and avoid becoming a phishing fraud victim. However, some phishing messages may not contain all of these charateristics. When in doubt, your best bet is to call your credit union, bank, or whatever company supposedly sent the message. We can tell you whether or not it's legit.

What to Look For in a Phishing Email

Here is an example of a phishing email:


At first glance this looks like a legitimate email from MUCFCU. But looking more closely, some things don't add up:


Awkward or Impersonal Greeting -- Most phishing emails don't refer to the recipient by name. Instead, they usually have a generic greeting such as, "Dear valued member."

(However, be aware that some phishing emails do have the recipient's name. Those are just as dangerous--perhaps more--because it means that at some point the criminals have gotten the victim's name.)


Urgent Language -- Phishing emails will usually say one of two things: Either that the recipient's account has been suspended due to "security concerns" and he/she needs to take action to restore the account; or that the recipient's account will be suspended soon if he/she does not act immediately.

In this email, for example:

"Due to concerns, for the safety and integrity of the online banking community we have issued the following warning message."


"...failure to confirm your records may result in your account suspension." 


Typos and Spelling Mistakes -- Phishing emails often contain easy-to-find spelling mistakes. (For example, in this email, "acounts.")


Awkward or Incorrect Grammar -- For instance, in this email:

"...your... information has need to be confirmed...."


"If you could please take 5-10 minutes out of your online experience and review your records..."

Spelling and grammar mistakes are common in fraudulent emails for two reasons. First, most fraudulent emails originate from foreign countries--particularly eastern Europe--where the English language is less common. Second, spelling and grammar errors make it a little bit easier for these messages to bypass "spam" filters. (Spam filters are an email setting designed to keep fraudulent emails and from getting to your Inbox. If they're set up correctly, spam filters greatly reduce the number of spam messages that make it to your Inbox, but a few can still slip through.) 


Strange Links to Other Websites -- This link looks like a legitimate address. But when the user rolls his/her mouse cursor over the link, a popup window appears that shows where the link will actually go. In this case, the link actually goes somewhere entirely different from the website address in the text of the email.

In the above example, the text of the link says it will go to a website that begins with "," to make the user think it will go directly to MUCFCU's true website. But when the user rolls his/her mouse cursor over the link, the popup window tells the user that the link goes to a website beginning with ""--a website that is not associated with MUCFCU and, as far as the user knows, may be fraudulent.

This is a masking trick designed to make the victim think the link will take him/her to the credit union's website, when in reality the link will take the victim to a fraudulent, potentially dangerous website.

You should always roll your mouse cursor over a website link (but do not click it), especially if you are unsure whether the link is valid. The true web address of the link should appear either in a popup window beside the link, or at the bottom of the screen. If the true address of the link (revealed when you mouse-over the link) does not look familiar, absolutely do not click it.

(Note that sometimes, fraudsters won't even attempt to mask a fraudulent website link. If you do not recognize the true web address of a website link, you should never click it unless you first contact your financial institution to find out if the link is valid.

Also, note that many financial institutions, including MUCFCU, do use third-party service providers for certain online services. So occasionally your financial institution may email you about an online service with a link address that does not look familiar to you. If you question whether the link is valid, contact your financial institution before you click it--we will be able to tell you whether the link is valid.)


Generic Closing -- The email closes by identifying the writer simply as the credit union/bank's "Online Customer Service," or something similar.

In general, if MUCFCU ever sends a legitimate email specifically about an issue related to your account, we will always include the name of the member service representative sending you the email, along with information on how to contact him/her.

Also, all email that is truly from MUCFCU usually will contain a confidentiality disclaimer at the bottom of the message. The sample email message above does not. 


What to Look For in a "Smishing" Text Message

Phishing text messages are sometimes called "SMS phishing" or "Smishing."

Below is an example of a smishing text. (Note that the screen on your mobile phone may look different. With a smishing text, you should be more concerned about what it says, not what it looks like.)

Again, we can see some things that seem suspicious:


The message came from an unfamiliar, out-of-area phone number.


Urgent language, along with bad grammar


A strange web link -- Although some shorter web links, with address domains like or, are now common, you still have to be extremely careful. This link is a false imitation of the common links (""), and could potentially lead the user to a fraudulent website if he/she clicks on it.

Some fraudulent text messages don't contain a link to a website. Instead, they instruct the user to call an unrecognizable phone number. For example:

In addition to the urgent language and questionable grammar, this text instructs the recipient to call a phone number that is definitely not associated with the credit union. For all the user knows, this phone number may connect the caller to someone who could try to steal his/her account number.

If you ever receive a text message in relation to your credit union account that instructs you to call a number you don't recognize, do not call the number. Instead, call the credit union immediately at (513) 523-8888. We will tell you whether or not the phone number in the text message is legit.

To read more information on smishing, click here.


A Few Other Notes About Phishing

Credit unions and banks are not the only ways that email fraudsters disguise themselves. Some phishing emails also claim to be from other financial services (such as Paypal and Western Union), shipping companies (such as UPS and FedEx), and even social networking websites (such as Facebook). You should become familiar with the email policies of all the companies you do business with, so that you'll know what kinds of email to expect (and what not to expect) from them.

For instructions on what to do if you receive phishing email, as well as additional email safety tips, click here.

Equal Housing Lender logo
NCUA logo

Your savings are federally insured to at least $250,000 and backed by the full faith and credit of the United States Government.


Certain restrictions may apply to the products and services described above. Contact the credit union for details. MUCFCU is not an entity of Miami University.