Phishing e-mail messages take a number of forms. They might appear to come from your bank or financial institution, a company you regularly do business with, such as Microsoft, or from your social networking site.
1. Verify or update your account:
Businesses should not ask you to send passwords, log in names, Social Security numbers, or other personal information through e-mail.
2. You have won a prize or lottery:
The lottery scam is a common phishing scam known as advanced fee fraud. One of the most common forms of advanced fee fraud is a message that claims that you have won a large sum of money, or that a person will pay you a large sum of money for little or no work on your part
3. If you don’t respond within 48 hours, your account will be closed.
These messages convey a sense of urgency so that you’ll respond immediately without thinking.
1. Don’t reply to, or click links within, emails that ask for personal, financial, or account information.
2. Check the message headers. The ‘From:’ address and the ‘Return-path’ should reference the same source. If necessary, look at the expanded header as some phishing use vulnerable email servers to rout their messages.
3. Instead of clicking the links in emails, go to the websites directly by typing the web address into your browser, cut and paste, or use bookmarks.
4. If on a secure page, look for “https” at the beginning of the URL and the padlock icon in the browser.
5. Use a browser that has a phishing filter (Firefox, Internet Explorer, or Opera).
6. If you ever need to change your account information, such as your billing details or your password, you should always sign in to your account from the main login page of your trusted network (i.e. your bank’s main website) and make the changes directly within your account.