Cyber criminals are getting more and more sophisticated and savvy in their attacks, so it’s more important than ever learn to spot their tricks and, in turn, keep your information safe. A phishing attack is a malicious attempt to obtain private information by posing as an otherwise trustworthy or legitimate source. A social engineering attack is very similar to a phishing attack, except it attempts to psychologically manipulate someone into taking an action or disclosing information they might not have otherwise provided. Here are a few tips for preventing yourself from getting tricked:

• Don’t respond to emails or phone calls asking for personal or sensitive business information, including confidential files, usernames or passwords, account numbers, or medical or payment information.
• Don’t open email attachments unless you can verify the authenticity of the sender. If you have even the slightest doubt about the authenticity of an email or its sender, don’t open it! You can usually verify the authenticity of an email or request yourself and through a separate channel than where the request came in. For example, if a fellow employee asks you for account information via email, but the request came from a different address than they normally use, ask them in-person about the authenticity of their request.
• Never, ever reveal your personal credentials or login information to anyone else. IT staff will never ask for nor need your password, and your supervisor or co-workers should never need or have access to it either.

For more information on determining whether an email is authentic, click here.