Skip to main content Skip to footer
Back to all articles

Recognizing Email Scams: Phishing and Spam

Email is an easy way to communicate with anyone around the world. It is also a powerful tool in the fraudsters arsenal to get your personal information.

Recognizing Email Scams: Phishing and Spam

Received a Suspicious Email, Text or Phone Call?

If you've received a suspicious TDECU email, text, phone call or have visited a suspicious website, immediately send the information to

Phishing and Spam

Phishing and spam are two significant threats to your online security. They both involve unsolicited contact through email and are deliberately deceitful in their approach. Spam emails try to sell something to you, and phishing emails try to obtain personal data like passwords, credit card numbers or information that can be used for identity theft, such as your date of birth. Spear phishing is a more specific attack on a particular target, such as a business, with the objective of gaining access to customer files.

Spam Filters

Your computer's spam filter will take care of many of these online scam attempts and prevent them from reaching your inbox. Spam filters assess particulars, such as an email's source, message header, message ID and content, to determine if that email should be sent to the spam folder.

Spam creators circumvent these safeguards in an effort to reach you by modifying the email to fool the filters. For example, spam filters scan for certain phrases such as "buy now" and "click here." If, however, the phrases are part of a longer document, the filter will not block it. To access this loophole, spammers add large quantities of hidden text to their emails to fool the filter. Text that is the same color as the page background or entered as "0" font size will not be visible to you but will enable the spam email to bypass the filter and reach your inbox.

Antivirus and Firewall Systems

Your computer's firewall can offer protection against spam and phishing, as can anti-spyware programs or antivirus programs that include spam protection. These programs scan every email that comes to your computer to determine if spam is present. Make sure that your firewall is active and your antivirus software is up to date.

If you have spam filters in place, as well as antivirus software and firewall protection, are you in the clear? While such safeguards do eliminated the majority of cyber threats, they are not foolproof. Your keen eye and savvy threat discernment is the last line of defense against online scams.

What to Watch For

Check to see who the sender is before you open any email. Ideally you should delete the email if you do not know the sender, but if you've opened it, do not click on any links in the email or open any attachments from the sender.

Bad grammar, poor spelling and improper punctuation are all indicators of spam. If an email is legitimate and from an upstanding business, it should be written professionally and be free of errors.

Questionable content is another red flag. Items that should raise your suspicion include:

  • Requests for money
  • Unrealistic threats
  • Promises or offers that are too good to be true
  • Requests for personal or financial information

Know that businesses such as banks or government agencies do not normally make unsolicited contact through email. Make a habit of questioning the legitimacy of any email from a business that is not a reply to something you've sent first.

A mismatched URL is another red flag that the email you are viewing is malicious. A typed link can look valid, but if you hover your cursor above it to see the URL that is actually linked to the text, make sure that they match. If not, it's likely a deliberate attempt to deceive and the link should be avoided.

Sometimes your warning will be that an email simply doesn't look right. Trust your instincts: It's better to avoid a potential problem than look back with regret.

How to Respond

Never give personal information to anyone via email. Even data given to a trusted recipient could be accessed at a later date by someone with malicious intent if they can hack into your account.

If you can tell immediately that an email in your inbox is spam, simply delete it. If you are unsure, contact the company that the email claims to be from via an alternative method, such as telephone, to verify the legitimacy of the contact.

File a complaint with the Federal Trade Commission, which is partnered with law enforcement to combat fraud.

What if you've had a brief lapse in attention or judgment and have already clicked on a malicious link or opened a suspicious attachment? Take immediate action as follows:

  • Update your anti-virus software and perform a complete scan of your computer.
  • Contact the credit bureau to let them know that you have been phished and an attempt might be made to fraudulently use your identity.
  • Change all of your account passwords.

Email scams are rampant despite the protective software that is available for consumers to use. With caution and attention to detail, you can protect yourself and avoid being victimized by fraud.