Privacy & Security

Learn to spot a fake: what are phishing emails?

Here’s how to recognize and avoid phishing attacks.

Key takeaways:

  • Looks can be deceiving; here’s how to spot fake phishing emails.
  • Pause before you click; there are several ways to identify a potential problem.
  • If you’ve accidentally clicked on a fraudulent link or responded to a phishing email, take immediate steps to protect yourself.


When a scammer uses email to try to trick you into giving them your personal information, it’s called a phishing email. But don’t get hooked! There are several ways you can avoid getting scammed.


What is a phishing email?

Phishing is attempting to trick someone into providing personal information by pretending to be a trusted individual or organization. A phishing attempt can take the form of an email, text message, phone call, or a bad link on a web page. Simply clicking in a phishing attempt could deploy software on your computer that allows scammers to monitor your activity.

Don’t get tricked into clicking. The keyword here is tricked: phishing attacks are disguised to look like they’re coming from legitimate companies or organizations that you already do business with, like Global Credit Union or your credit card company. Scammers are trying to steal your Social Security number, passwords, account numbers, credit card numbers, and other personal information. They use this information to access and drain your bank account, steal your identity, open new accounts in your name, and more.


How to spot a phishing email

It’s getting harder to tell real from fake messages. The number one rule: be skeptical and double-check everything, even if it looks real. A phishing email may ask you to click on a link, confirm personal information, pay for something you didn’t order, claim free merchandise, update your account information, and more. Just because the email contains a recognized name or logo doesn’t mean it’s real.

Here are some things to look for in a phishing email:

  • Claims that your account is on hold because of a billing problem or from ‘suspicious activity’
  • Request to verify personal information for an existing account
  • Slightly altered website URL addresses, such as or
  • Familiarity with a company or organization you may have done business with (“We have a surprise for XYZ members/shoppers”)
  • Many (but not all) are addressed generally, such as ‘Dear Valued Customer’ instead of to you personally, and they often (although not always) have misspelled words and grammatical errors
  • Phishing emails are often TGTBT (too good to be true); trust your instincts on this!


10 Things you can do to protect yourself against a phishing attack

  1. Think twice before clicking a link or responding to a text or email. When you take a few minutes to verify the information, fake elements often become easier to spot.
  2. Make sure your computer browser and anti-virus software are up to date and update the operating system on your mobile device regularly. Current software regularly scans for security threats like phishing attacks.
  3. Never click directly on a link or download an attachment from someone you don’t know. Instead, type in a URL you have independently verified yourself.
  4. Don’t call the phone number listed in a potential phishing email; look it up yourself and call a verified number.
  5. If you’re making a purchase or verifying account information, make sure the website has the closed padlock icon, the URL begins with ‘https,’ and is followed by a legitimate web address.
  6. Configure your browser to block pop-ups and don’t click on a pop-up window; they are notorious for leading you astray online.
  7. Never send an email or text message with sensitive information like your SSN or account passwords. You will never receive a request for information like this unless it is a phishing email.
  8. If someone calls to tell you you’ll be arrested unless you pay a debt, don’t believe them. Note the number they called from and hang up, then report it. Forward any suspicious emails you get about your Global accounts to
  9. If you logged into a fraudulent account in a phishing attack, immediately change your username and password on the real account and report the incident.
  10. Use care when doing an online Google, Yahoo or Bing search. Avoid the search results identified as ‘Ad’ and triple-check website addresses before clicking.


Did you know?

There are many ways to report phishing emails.

If you think your personal information has been exposed in a phishing attack, visit to learn about your options.


What to do if you responded to a phishing email

Mistakes happen, and scammers are getting more sophisticated every day. If you think you responded to a phishing email, don’t panic but take care of it right away.

  • Change your passwords and PIN numbers immediately.
  • If the information you shared included any account data with Global, call us. For example, if you used your credit card to make a purchase that turned out to be a phishing attack, we can help you cancel the card and request a replacement.
  • Print out emails or take screenshots on your mobile device of every single interaction you had with the phisher. Note account numbers, phone numbers, email addresses, and other information.
  • If you clicked on a link or opened an email attachment, update your computer’s security software, and run a full system scan.
  • Notify the credit bureaus (Equifax, TransUnion, and Experian) of the phishing attack. Consider placing a fraud alert on your account; you could also consider freezing your credit.
  • Whatever you do, don’t be too embarrassed to report it. In 2019, the FBI received nearly 1,300 complaints every day; quick reporting can help protect you and others from phishing emails. If you lost money in the phishing attack, you may be able to recover some or all of it, but only if you report it.

Learn more at

It pays to be skeptical

Most people who got caught in a phishing attack look back and wonder how they could have fallen for it. To avoid getting hooked, take your time; think twice before clicking. Remember what a phishing email is and how it can be recognized. If someone is trying to reach you via email or text message about a problem with your account, play it safe. Ignore the link, go directly to a verified web address, and log in as usual to verify.

We’re committed to keeping you, your money, and your account information secure.

20 Ways to Protect Yourself from Identity Theft

Protect yourself from identity theft with these 20 tips.

5 Easy Ways to Make Sure a Website Is Safe

Stop hackers in their tracks with these 5 easy ways to keep yourself safe online.

Knowledge is power

Equip yourself to make smart financial decisions in every stage of life—subscribe for financial know-how and more.