- Avoid relying solely on SPF and DKIM checks to validate emails, as the sending email account may itself be compromised.
- Avoid responding to messages, clicking links, or opening attachments from unknown or unverified senders, and exercise caution with emails from known senders.
- Before responding, divulging sensitive information, or providing funds, confirm the legitimacy of requests by contacting the sender via a separate means of communication, such as by phone, using contact information obtained from official sources.
- Navigate directly to legitimate websites and verify before submitting account credentials or providing personal or financial information.
- Use strong, unique passwords and enable multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Reduce your digital footprint so that threat actors cannot easily target you.
- Report malicious cyber activity to the FBI's IC3 and the NJCCIC.
