Best Practice

1. Look at the email address, not just the sender

Ensure the message is not sent from a public email domain; no legitimate organization will contact you from an
address that ends ‘’, not even Google. Legitimate emails from Google will read ‘’.

  • If the domain name (after the @ symbol) matches the apparent sender of the email, the message is more likely
    to be legitimate.
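A mail filter or triage script can automate the check in item 1. The sketch below is an added example, not part of the original guidance; the webmail list, the organization name "Example Bank" and its domain are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: a small illustrative set of public webmail domains.
PUBLIC_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}

# Assumption: hypothetical organization mapped to the domains it really sends from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a true subdomain of one.

    A substring or prefix test would wrongly accept
    'examplebank.example.lookalike.test', so compare from the right-hand end.
    """
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def assess_sender(from_header):
    """Return a list of warnings for the value of a From: header."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["no parsable address"]
    # The domain is everything after the last '@'; normalise case and trailing dot.
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    warnings = []
    if domain in PUBLIC_WEBMAIL:
        warnings.append("public email domain")
    for org, allowed in KNOWN_SENDERS.items():
        # The display name is free text chosen by the sender; only the domain counts.
        if org in display.lower() and not domain_matches(domain, allowed):
            warnings.append(f"display name claims '{org}' but domain is {domain}")
    return warnings


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    '"Example Bank Support" <support@examplebank.example>',
    '"Example Bank Support" <examplebank.support@gmail.com>',
    '"Example Bank" <alerts@examplebank.example.lookalike.test>',
    'Example Bank <news@mail.examplebank.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", assess_sender(header) or "no warnings")
```
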

2. Never click on suspicious links or attachments, especially from unsolicited messages

3. Go to the source if you have questions about the validity of the URL or message

4. Check the website security

  • Ensure there is a padlock symbol in the URL address bar OR
  • Ensure the URL begins with https:// or shttp://. The added “s” indicates that the data will be encrypted in transit.

5. Create strong passwords on all accounts

6. Educate your coworkers and family members

  • Others’ actions can result in a compromise of your data as well

7. Be careful with online posts; do not give away too much personal information

  • The more information criminals can gather on social media, the more targeted their attacks will become
  • Enforce privacy options and restrict access to your social media accounts