Do not click on links contained within an unsolicited email.
Be cautious of emails claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on attachment before opening.
Avoid filling out forms contained in email messages that ask for personal information.
Always compare the link in the email to the web address link you are directed to and determine if they match.
Log on directly to the official website for the business identified in the email, instead of “linking” to it from an unsolicited email. If the email appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
Contact the actual business that supposedly sent the email to verify that the email is genuine.
If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively.
If you receive a request for personal information from a business or financial institution, always look up the main contact information for the requesting company on an independent source (phone book, trusted Internet directory, legitimate billing statement, etc.) and use that contact information to verify the legitimacy of the request.
One campaign posed as an HR department mandating vaccine information, another leveraged an XSS flaw to disguise a malicious download, and a third leveraged Verizon's Vzwpix service to mass-distribute emails.