It looks like you're using an outdated browser.
For a better experience, we recommend switching to a more modern browser like Google Chrome or Microsoft Edge. Learn more.
Tarjetas de crédito para cada necesidad

Con tasas variables bajas, opciones de pago con billetera digital y sin tarifas anuales, los miembros disfrutan más con una tarjeta de crédito SCCU Visa®.

Compara Tarjetas

News & Tips

The 5 Most Common Phishing Attacks and How to Stay Safe

The days of spotting a scam by keeping an eye out for obvious spelling mistakes are long gone. Nowadays, the most dangerous phishing scams are powered by smart technology, using everything from artificial intelligence (AI) to advanced malware. The good news? Learning about these scams and steps that can help reduce your risk can help keep your information secure. 

Here are the five most common phishing attacks and practical tips to spot and stop them. 

1. AI-Driven Phishing 

Modern phishing emails are getting harder to spot. With AI, scammers can craft messages that look and sound just like those from your bank, boss, or even a friend by using personal details, perfect grammar, and company logos to make messages seem legitmate. 

How it works: 

An email arrives that references a real transaction or uses your name. It might urge you to “verify a charge” or “reset your password.” Because it looks so credible, it’s easy to fall for. 

How to protect yourself: 

  • Double-check the sender’s address for oddities. 

  • Don’t trust an email just because it has no mistakes. 

  • Type website URLs directly and don’t click on links you don’t know. 

  • If in doubt, call the sender using a number you trust, not what’s in the email. 

2. Quishing: QR Code Cons 

QR codes are everywhere these days and scammers use that to their advantageQuishing is when fraudsters send you a QR code (via email, poster, or sticker) that secretly leads to a phony website designed to steal your info. 

How it works: 

You’re asked to scan a code to pay a bill, “verify” your account, or get a coupon. The site you land on looks official but steals your login or card data. 

How to protect yourself: 

  • Preview the web address your phone displays after scanning; don’t tap suspicious links. 

  • Avoid scanning codes on sketchy stickers or in places that don’t look official. 

  • Use trusted apps instead of scanning codes for payments or sensitive actions. 

3. Deepfake Fraud 

Deepfake technology ramps up classic “vishing” scamsNow, scammers can impersonate someone’s voice or even their face over a video call. These tricks are increasingly used for urgent requests such as your “friend” asking for a wire transfer or a “relative” in trouble. 

How it works:

You get a video call or a voicemail from someone who sounds (or looks) just like someone you know, asking for money or sensitive info, saying it’s urgent. 

How to protect yourself: 

  • Agree on a family or company “safe word” for emergencies. 

  • Hang up and call the person back through a known number. 

  • Stay calm, question urgent requests, and take your time to verify. 

4. Polymorphic Phishing 

To dodge advanced spam filters, fraudsters now use polymorphic phishing. They send out different versions of an email and only changa few words, links, or imagesso automated filters have a tougher time catching them. 

How it works: 

You might receive a message with minor tweaks from those your coworkers or friends receive. Because each message is a bit different, your email system may not recognize it as spam. 

How to protect yourself: 

  • Treat any email asking for login, payment, or sensitive info with suspicion. 

  • Use the ‘Report Phishing’ button so your email provider can review and block similar messages. 

  • Don’t assume a message is safe because it appears in your main inbox. 

5. HTML Smuggling 

This technical-sounding trick lets harmful codes sneak past your device's security defenses. HTML smuggling builds malware “inside” your browser rather than downloading an obvious file that antivirus can spot. 

How it works: 

You click a seemingly harmless link in an email but then a file downloads automatically or a silent script runs in your browser, planting malware undetected. 

How to protect yourself: 

  • Never open files or downloads you didn’t ask for. 

  • Delete unexpected downloads at once and don’t open them. 

  • Keep your browser up to date and use solid antivirus software for backup protection. 

Quick Safety Checklist 

  • Slow down and think before you click 

  • Enable multi-factor authentication (MFA) 

  • Use a password manager 

  • Update all your devices and software 

Don’t Get Hooked 

Remember, the online world is full of opportunities, but staying safe is about being cautious and staying aware of current scamsIyou’re ever unsure, don’t hesitate to ask for help; we’re here to provide guidance to help you protect your information. To learn more and to stay up to date with the latest scams, check out our Fraud Prevention Center. 

 

¿Se sintió ayudado?
¡Gracias por sus comentarios!