An unexpected message can look convincing because it borrows the name, logo and urgency of a real organisation. The safest response is often to leave the message alone and use a route you already trust: a saved phone number, bookmarked website or official app.
The FTC warns that phishing emails and texts may try to make people open a harmful attachment or share personal information. A familiar sender name is not proof, and urgency is not a reason to bypass normal checks.
Make the habit simple: pause, avoid the link, verify independently and report the message. If information was entered or a file opened, act quickly—tell the right person, change affected credentials from a clean device and follow the incident process.
Source: https://consumer.ftc.gov/articles/protect-your-personal-information-hackers-and-scammers




