- Confirm the source and instructions of any monetary transaction received via email through a separate means of communication, such as a phone call. Email replies are not an effective verification method, as they could be sent to the threat actors.
- While an email may appear to come from a known and trusted account, that account may have been compromised. Verify all requests for money transfers.
- Navigate directly to legitimate websites and verify them before providing sensitive information or wiring funds.
- If funds are unintentionally wired to a fraudulent account, immediately notify a supervisor, the banking institution, the FBI, and the US Secret Service to stop the wire transfer. Unless the fraudulent transaction is discovered quickly (typically within 48 hours), it can be difficult, if not impossible, to return the stolen funds.
- If personally identifiable information (PII) has been compromised, review the Identity Theft and Compromised PII NJCCIC product for additional recommendations and resources, including credit freezes and enabling MFA on accounts.
- Report phishing emails and other malicious cyber activity to the NJCCIC and the FBI's IC3.
