Does that email or text look phishy?

Phishing is when bad actors send out emails, texts or other messages that claim to be coming from a trustworthy person or organization. The goal is to trick people into responding, clicking on a link, opening an attachment or taking some other action that will enable criminals to get your personal information and money. Typically the alleged sender is an organization with whom you have a relationship; occasionally the organization they are trying to impersonate may be Oregon State Credit Union.

Phishing attacks can be very convincing

Emails can include realistic-looking logos and corporate-sounding language. It’s not surprising that so many people fall victim to phishing scams. In 2021, for instance, the average click rate for a phishing campaign was nearly 20 percent. Phishing campaigns that were highly targeted and added the element of a phone call had a click rate of a whopping 53.2 percent.

Using pressure and threats to get your information

Scammers impersonating financial institutions are most likely trying to get you to reveal your online banking login and password. They may claim there is a problem with your account—they may even threaten to close your account. They may pressure you to take some action quickly, like click on a link or open an attachment.

Your best defense against a phishing attack is to recognize the signs of a scam and know what to do or not do. While the details of a phishing message can vary, most of them will have shared characteristics that can tip you off.

It may be a scam if:

The text or email:

  • asks for your login and/or password.

  • demands you act immediately to avoid unwanted consequences. Example of statements you may see include, "...act now...immediate action required...last warning...account suspension pending."

  • uses bad grammar and has misspelled words.

  • includes a link to log in to your online banking account. Don’t click the link.

  • includes an attachment. Don’t open the attachment; call us for clarification.


  • the email comes from a source that does NOT end in “”.

Questions? Doubts? How to follow up

Any time you receive a communication from someone claiming to be us, whether that’s by email, text, telephone or letter, if you have doubts, call us before taking action. If you think you have already been the victim of a scam please go to our fraud protection resources.

Back to financial education resources

Go to main navigation