Be wary of emails asking for confidential information—especially of a financial nature. Legitimate organizations will never request sensitive information via email.
Don’t get pressured into providing sensitive information. Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the merchant directly to confirm the authenticity of their request.
Watch out for generic-looking requests for information. Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them.
Never submit confidential information via forms embedded within email messages.
Never use links in an email to connect to a Web site. Instead, open a new browser window and type the URL directly into the address bar.
Maintain effective software to combat phishing.