Utah Power Credit Union Logo
Membership Means Financial Power

Protect Yourself from "Spoofing" or "Phishing" schemes

What is a Spoof?

A spoof or phishing (pronounced "fishing") email is an email that is designed to look like it comes from a well-known company and that tells some story to get you to click a link or button in the email.


The links or buttons in the email take you to a website that is also called a "spoof" because it also fakes the appearance of a popular website or company. The spoof site asks you to input personal information, such as your credit card number, Social Security number or account password.


You think you are giving information to a trusted company, when in fact; you are supplying it to a criminal.

 

9 ways to recognize fake (spoof) emails

  1. Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear member." If you do not see your first and last name, be suspicious and do not click on any links or button.
  2. A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
  3. A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorized transaction has recently occurred on your account, or claim your financial institution is updating its accounts and needs information fast.
  4. Fake links. Always check where a link is going before you click. Move your mouse over it and look at the URL in your browser or email status bar. A fraudulent link is dangerous. If you click on one, it could:
    • Direct you to a spoof website that tries to collect your personal data.
    • Install spyware on your system. Spy ware is an application that can enable a hacker to monitor your actions and steal any passwords or credit card numbers you type online.
    • Cause you to download a virus that could disable your computer.
  5. Emails that appear to be websites. Some emails will look like a website in order to get you to enter personal information. The Credit Union never asks for personal information in an email.
  6. Deceptive URLs. Only enter your eteller password on eteller pages. These begin with https://eteller.utahpowercu.org/
    • If you see an @ sign in the middle of a URL, there's a good chance this is a spoof. Legitimate companies use a domain name (e.g. https://www.company.com).
    • Even if a URL contains the name of your financial institution, it may not be a legitimate site. PayPal has been a targeted by these types of fraudulent schemes. Examples of deceptive URLs for PayPal.com include: www.paypalsecure.com, www.paypa1.com, www.secure-paypal.com, and www.paypalnet.com.
    • Always log in to your account by opening a new web browser and typing in the financial institution's web address manually.
    • Never log in to your account from a link in an email
  7. Misspellings and bad grammar. Spoof emails often contain misspellings, incorrect grammar, missing words, and gaps in logic. Mistakes also help fraudsters avoid spam filters.
  8. Unsafe sites. The term "https" should always precede any website address where you enter personal information. The "s" stands for secure. If you don't see "https," you're not in a secure web session, and you should not enter data.
  9. Attachments. Like fake links, attachments are frequently used in spoof emails and are dangerous. Never click on an attachment. It could cause you to download spy ware or a virus. The Credit Union will never email you an attachment or a software update to install on your computer.