Home > Alerts > Customer Awareness > Understanding Phishing

Understanding Phishing

"Phishing" is the latest form of identity theft. It's when thieves act as if they are representing an organization and try to hook the consumer into providing personal or financial information. Once the consumer is hooked, the thieves can do lasting damage to a consumer's financial accounts. They can dupe customers into providing their Social Security numbers, financial account numbers, Online Banking password's, mothers' maiden names and other personal information.

Thieves often pose as:

  • Financial institution
  • Credit card company
  • Online merchant
  • Utility or other biller
  • Internet service provider
  • Government agency
  • Prospective employer

How it Works

Consumers receive an email from an organization with which they do business. The email typically includes bogus appeals such as problems with an account or billing errors, and asks the consumer to confirm his/her personal information. Most emails ask recipients to follow an embedded link that takes them to an exact replica of the victim company's Web site. Graphics on the counterfeit site are so convincing that even experts often can have a hard time distinguishing the fake site from the real one. Despite the convincing appeals, consumers should not respond to unsolicited emails that direct them to divulge personal identifying information. Reputable organizations that consumers legitimately do business with generally do not request account numbers or passwords unless the consumer initiated the transaction.

Please note that Guaranty Bank will never request identifying information, account information, or Online Banking password information via email. If you have any question regarding the validity of a phone call or email requesting account information, please call Guaranty Bank Customer Service at 319-286-6200 prior to responding to the request for information.

Clues to identifying a "Phishing" eMail:

  1. Awkward greeting - A phish may address the customer with a nonsensical greeting or may not refer to the customer by name.
  2. Typos & Incorrect Grammar - This is a technique used by phishers to avoid email filters. The errors are intentional.
  3. Source code points to a different website than the alleged sender - The link looks official, but when your mouse curser rolls over it the link's source code points to a completely different web site. Remember that you can always type a URL into your web browser instead of clicking on a link.
  4. Urgent call to act - Different approaches include things such as "We're updating our records," "We've identified fraudulent activity on your account," or "Valuable account and personal information was lost due to a computer glitch." To encourage people to act immediately, the email usually threatens that the account could be closed or canceled.