Phishing emails may include:
- Attachments loaded with viruses, worms or other malicious software (aka malware).
- A link to a website to distribute malicious payloads.
- Dialogue intended to build rapport between the sender and recipient in order to elicit funds or personal information.
Emails Containing Malicious Links
- Phishing emails typically do not refer to you by name. They will reference sir, ma’am or some other generality.
- Cyber criminals use tactics like scarcity (such as “click this link to be one of the first 10 with a chance to win”), or, as in the IRS example below, authority (a criminal complaint has been filed against your company). According to IRS.gov, they do not send out email solicitations.
- If you are unsure of links in an email, hover (but do not click) the cursor over the linked text. If it is a phishing email, you will notice it actually references a different website. The link typically displays on the bottom left of the screen. Here is an example of a phishing email with a malicious link:
Emails with Malicious Attachments
- Before you open an email attachment, look at the greeting. If it appears to be from someone you know, verify that the sender’s name and address are the same.
- If you want to verify the safety of an attachment, you can download it (but don’t open it) and upload it to a free malware scanner such as virustotal.com or virusscan.jotti.org.
Email Scams Requesting a Reply
- Watch out for emails promoting offers that seem too good to be true.
- Phishing emails will often not include your name in the greeting. However, the sender may claim to have found you through an internet search or other method. Here is an example of such an email scam:
Avoiding Phishing on Mobile Devices
To verify a link on an Apple® or Android® mobile device, tap and hold down on the link until the address pops up. This will show you the actual linked address so you can verify if it matches the text in the email.
There are a variety of ways to report phishing emails:
- Apple: Forward the email as an attachment to email@example.com
- Yahoo: Next to SPAM is a down arrow button. Click on it, and select “Report a phishing scam.”
- Gmail: At the top-right corner of the message, click the down arrow next to the "Reply" button, then select “Report Phishing.”
- Outlook: Select the email in question, then report the email by selecting the arrow next to Junk and select “Phishing scam.”
- PhishTank.com: This is a free service for reporting or verification of phishing emails.
- At Capitol Federal®, we are committed to the security of your accounts and personal information. If you ever have a question about a Capitol Federal site or email, you may always call us to verify it at 1-888-8CAPFED.
Safety and Security