Fraudulent emails and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any email that requests your personal or account information.
Most legitimate companies, including Virginia Credit Union, will never use an email to ask you to provide or verify your personal or account information. If an email asks for this type of information, assume it's a scam.
Identifying a fake (phishing) email
- False sense of urgency. Many phishing emails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away or that it has been compromised. An email that urgently requests you to supply sensitive personal information is typically fraudulent.
- Fake links. Many phishing e-mails have a link that looks valid, but send you to a fraudulent site that may or may not have an URL different from the link. Check where a link is going by moving your mouse over the link in the email and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it.
Here are some examples of fake links:
- Misspellings and bad grammar. Fake emails often, but may not always, contain misspellings, poor grammar, missing words, and gaps in logic. These types of mistakes help scammers avoid spam filters.
It's more difficult to identify a fake email using the following:
- Sender's email address. To give you a false sense of security, the “From” line may include an official-looking email address. The address may actually be copied from a genuine one. The email address can easily be altered, so it’s not an indication of the validity of any email communication.
- Generic greeting. A typical phishing email has a generic greeting, such as “Dear Customer,” but legitimate emails may use it too.
Identifying a fake (spoof) web site
- Deceptive URLs. Some scammers will insert a fake browser address bar over the real one, so it looks like you’re on a legitimate site. The words may be slightly altered by adding, omitting, or transposing letters. Even if an URL contains the word "vacu," it may not be a Virginia Credit Union web site.
- Out-of-place lock icon. Make sure there is a secure lock icon in the status bar at the bottom of the browser window. Some fake sites will put this icon inside the window to deceive you.
Reduce your chance of being victimized
- Do not use links included in the email. Open a new browser window and type in the URL you know to be correct.
- Do not open attachments. Like fake links, attachments may be used in phishing emails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.
- Call the company in question using a phone number you know to be correct. The person you speak with will most likely be able to confirm whether they actually need the information and if so, whether you can provide it over the telephone.
- Use anti-phishing software. There are a number of programs available that will check the web address in question against a list of known phishing scams and notify you if the site appears there.
- Update your computer with the latest browsers, upgrades and security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.
If you have responded to an email asking for personal or account information, you should notify your financial institution immediately and keep a close eye on your accounts. Additional information is listed in our Identity Theft section.
Please contact Member Services at (804) 323-6800 or (800) 285-6609 if you have questions or we can help you in any way.