- Refrain from responding to unsolicited communications, clicking links, or opening attachments from unknown senders.
- Exercise caution with communications from known senders.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Type official website URLs into browsers manually and only submit account credentials and sensitive information on official websites.
- Use strong, unique passwords for all accounts and enable MFA where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- If the account has been compromised, log out of all devices, revoke any access tokens, and reset passwords.
- Report these scams and other malicious cyber activity to the FBI's IC3 and the NJCCIC.
