Microsoft escalated its legal campaign against a pervasive form of online identity theft Thursday, filing 117 lawsuits against unnamed people accused of phishing.
Microsoft, the Federal Trade Commission and the National Consumers League offered these tips to avoid "phishing" scams (feel free to copy-paste these into any comms to your end users that work for you):
Be suspicious of unexpected e-mail messages in which someone asks for your personal information.
Don't click on links in e-mail messages that ask for your personal information. Although the pages to which they send you might appear legitimate, they may not be.
To tell whether a message is actually from the company it purports to come from, contact the company directly by finding its number elsewhere or looking for its Web site independently of the suspicious message.
Before giving any personal information, verify the identity of someone who contacts you to tell you that you've been a victim of fraud. Get the person's name, the name of the company or agency, the phone number and address. Then find the number independently and call to verify the person's legitimacy.