Never respond to emails that request personal financial information.
Be suspicious of any email that asks for your password or account information, or includes links for that purpose. Banks and e-commerce companies will rarely send emails requesting this information. If you’re unsure, always call your bank to confirm.
Visit bank websites by typing the full address into the address bar.
Don’t follow links embedded unsolicited emails or pop-up messages. Phishers often use these methods to direct you to a malicious website.
Be cautious with emails and personal data.
Always conduct transactions safely by choosing secure passwords and by managing them appropriately.
Look for signs that an email is “phishy”.
Phishing emails usually use a generic greeting, such as “Dear valued customer.” They also may make alarming claims (e.g., that your account numbers have been stolen or lost). The email often includes misspellings or substitute characters (e.g., “1nformati0n”) in an attempt to bypass anti-spam software. However, generic information is not always a strong indicator of an attack. An extremely targeted type of phishing, known as spear phishing, often contains detailed personal information that can make the attack appear legitimate.
Ensure that the website you are visiting is secure.
All websites should begin with https:// (“s” stands for secure) rather than the typical http://. In addition, look for a small padlock icon on the browser’s status bar. Both of these symbols indicate that the website is using encryption. Keep in mind that even if a website is secure, there is no guarantee that it is safe. Hackers can create malicious websites that also use encryption.
Keep your computer secure.
Anti-spam software will protect you from spam emails, and a firewall will block unauthorized web traffic. You should also run antivirus software to detect and disable malicious programs, such as spyware or backdoor Trojans, which may be included in phishing emails. Keep your Internet browser up to date with the latest security patches, as hackers frequently exploit vulnerabilities in operating systems and programs in an attempt to infect computers.
Finally, always report suspicious activity.
If you receive an email you suspect isn’t genuine, be sure to forward it to the spoofed organization. Many companies have a dedicated email address for reporting such abuse.