Thank you to Intermedia for this helpful article on Phishing. I read their blog entry and wanted to pass this article along. I have copied their main points below:
Be aware of email requests with high urgency that ask you to take quick action. Phishers often prey on employee trust and will spoof executives to get you to comply with high urgency actions like wiring large amounts of money ASAP. Or in my case, losing my matching benefits if I didn’t immediately comply. As a rule of thumb, if you are ever in doubt, double-check the request with the sender either by phone or by composing a new email—never reply to the email itself.
Never give sensitive personal or financial information over email. Trusted parties will never ask you for personal or financial information through email (e.g., social security numbers, account numbers, credit card numbers, passwords, etc.). Be cautious of emails that ask you to call a phone number to update your account information as well.
If an offer seems too good to be true, it probably is. Offers ofbig bonuses, large payments or gifts (e.g., win a free iPad) are ways attackers try to get inside your head. If the promise is “too good to be true,” do some research into the individual or company before taking action.
Think about whether you initiated the action. Phishers will try to spoof well-known companies to have you reset your password, update your account or track a shipment. Always be suspicious of unsolicited email, if you didn’t prompt a password reset — don’t click the link.
I have been grateful that many Phishing scams seem very obvious. This article describes a tricky scenario that wasn't so apparent and reminds each of us to be cautious and always alert.