What is an email phishing scam? This happens when threat actors or cybercriminals pose as trusted individuals or organizations and send out emails that contain malicious attachments or links to fake websites. The aim is to steal personal or sensitive information such as your name and password, which could be used for identity theft or online financial theft.
GSIS, Banks, Authorized Agencies, and Trusted Organizations will:
- NEVER ask for your username, password, or one-time PINs (OTP)
- NEVER email attachments you did not ask for
- NEVER lead you to unknown sites
- NEVER charge money or ask you to provide sensitive personal information
- NEVER conduct funding activities, offer grants or certificates through email
Watch out for these signs of a phishing email:
- USE of public email domains like @gmail.com or @yahoo.com instead of the official domains. Search for the company name online to find out the real domain name, and always compare it to the sender addresses of new emails you receive.
- USE of urgent alerts like “your account will be deactivated,” “your account has been compromised,” or “you won a trip abroad.” Scammers use these to create a sense of urgency that will make you share your information without thinking. Take time to go through the email and question how reasonable the alert is.
- USE of URL links as part of the email message. Examine the URLs to see if they lead to unknown sites and type the URL instead of clicking on it to spot the inconsistencies.
- USE of attachments that do not fit the context of the email. These may contain malware that can steal information or infect your device. Avoid clicking these attachments completely.
- USE of company and anti-virus logos. Check if the email matches legitimate emails from the same company. It is likely that the email is fake if there are obvious discrepancies or mistakes.
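
For mail administrators, the checks above can be turned into a simple triage script. The following Python is an added example, not code from GSIS; the official domain `example.gov.ph` is a placeholder, and the phrase lists and the sample message are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

OFFICIAL_DOMAIN = "example.gov.ph"   # placeholder: set to the organization's real domain
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}
URGENT_PHRASES = ("will be deactivated", "has been compromised", "you won")
CREDENTIAL_WORDS = ("password", "username", "otp", "one-time pin")

def _host_ok(host):
    # Exact match or a true subdomain; "example.gov.ph.evil.test" does not pass.
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def red_flags(raw):
    """Return the warning signs found in one raw message that claims to be from the organization."""
    msg = message_from_string(raw, policy=policy.default)
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    if domain in PUBLIC_DOMAINS:
        flags.append("public-email-domain")
    elif not _host_ok(domain):
        flags.append("unofficial-sender-domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lowered = (str(msg.get("Subject", "")) + "\n" + text).lower()
    if any(p in lowered for p in URGENT_PHRASES):
        flags.append("urgent-alert")
    if any(w in lowered for w in CREDENTIAL_WORDS):
        flags.append("asks-for-credentials")
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        host = (urlparse(url).hostname or "").lower()
        if not _host_ok(host):
            flags.append("link-to-unknown-site:" + host)
    for part in msg.iter_attachments():   # every attachment is listed for manual review
        flags.append("attachment:" + (part.get_filename() or "unnamed"))
    return flags

def build_sample():
    """Constructed message showing several of the signs at once."""
    m = EmailMessage()
    m["From"] = "Member Services <member.services@gmail.com>"
    m["Subject"] = "Your account will be deactivated"
    m.set_content("Confirm your password and OTP at http://example-login.test/verify today.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="form.zip")
    return m.as_string()
```

The keyword matching is a coarse heuristic for sorting reported mail, so a flagged message still needs a person to review it.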