Here are a few tips to help identify suspicious e-mails and protect your information:
* Generally, if you receive a suspicious e-mail from a financial institution or online retailer, do nothing. Do not reply to the e-mail, or click on any of the links. Do not give any personal details to the sender.
* Do not provide personal information via e-mail, unless you are certain of a person's authority to have the information.
* If you get an e-mail that warns you, with little or no notice, that your account will be shut down unless you reconfirm your billing information, do not reply or click on any link in the e-mail. Instead, contact the company cited in the e-mail using a telephone number or web site address known to be genuine.
* Avoid e-mailing personal and financial information. Before submitting financial information through a web site, look for the "lock" icon on the browser's status bar. It signals that your information is secure during transmission.
* Review credit card and bank account statements as soon as you receive them to determine whether there are any unauthorized charges. If your statement is late by more than a couple of days, call your credit card company or bank to confirm your billing address and account balances.
* Be suspicious of unsolicited phone calls, visits, or e-mail messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, attempt to verify his or her identity directly with the company.
* Pay attention to the URL of a web site. Malicious web sites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net). Be aware that the true URL of a link is often masked in the e-mail text, so never click on hyperlinks within e-mails. Instead, copy and paste them into the browser.
* If you're unsure whether an e-mail request is legitimate, attempt to verify it by contacting the company directly. Do not use contact information provided on a web site connected to the request; instead, check previous statements for contact information.