Don’t click on links in emails, or open attachments, including emails from your own bank, before independently verifying authenticity.
90% of people are fooled by a well-constructed “phishing” email. Be aware that an email that looks entirely reputable may be designed that way by a fraudster. The email may appear to be official but is actually an attempt to download a computer virus and/or collect your confidential information. Criminals often send mass emails knowing that a subset of recipients will respond and open the door to subsequent fraud.
Don’t click on links in emails
Rather than clicking a link in an email, sign on to your trusted web site directly by typing the web address from your records, or by using your browser bookmark/favorite.
Don’t trust an email that appears to be from a familiar source
It is not enough that an email has a ‘from’ address that you recognize. Fraudsters can doctor email ‘from’ addresses to match your trusted sender, such as your financial institution or an airline.
NEVER provide confidential information in response to an email request
Never provide user names, passwords, account numbers, tax id numbers, social security numbers, or other private details in response to an email request.
Verify the authenticity of emails by using a phone number from your records rather than the phone number provided in the email.
If an email suggests a required action, place a phone call to check the validity of the request, using a number from your records rather than the number provided in an email. Then, if needed, use a web address that you have confirmed with your trusted source.
Don’t open attachments without independently verifying the authenticity of the email.
Verify the legitimacy of an email before opening an attachment. Be sure to use contact information from your own records rather than the number provided in an email.