The U.S. Cybersecurity and Infrastructure Security Agency offers the following ways to avoid becoming a victim of cyber fraud:
- Always be suspicious of unsolicited phone calls, email messages or from people asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, contact that company directly to verify his or her identity.
- Make certain a person is authorized to receive information on your organization, including its structure or networks before divulging such information.
- Do not reveal personal or financial information in an email, and do not respond to or follow any links in such emails.
- Do not send sensitive information over the internet before checking a website's security.
- Always pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with "https"—an indication that sites are secure—rather than "http.”
- Check for a closed padlock icon—a sign your information will be encrypted.
- Check previous statements for contact information. Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
- Take advantage of any anti-phishing features offered by your email client and web browser.
