Here are a few good rules to follow to avoid becoming a victim of a phishing or spoofing scam:
Never provide your personal information in response to an unsolicited request. Whether it is over the phone, by text, or on the Internet. Emails and Internet pages created by phishers can look exactly like the real secure emails and Internet pages they are impersonating. If you did not initiate the communication, do not provide any information.
If you are unsure whether a contact is legitimate, contact the financial institution. You can find phone numbers and websites on the monthly statements you receive from your financial institution, or you can look up the company in a phone book or on the Internet. You should be the one to initiate contact, using information you have verified yourself.
Never provide your account information or password over the phone or in response to an unsolicited Internet request. A financial institution would never ask you to verify your account information or confirm a password online. Thieves armed with this information and your account number can help themselves to your money.
Review account statements regularly to ensure all charges are correct. If your account statement is late arriving or does not arrive, call your financial institution and find out why. If your financial institution offers electronic account access, check your account activity online regularly to catch suspicious activity.
If you suspect that you have been the victim of identity theft or a phishing or spoofing scam, contact your financial institution immediately.