Never answer an e-mail from your bank or credit-card issuer, because the vast majority of those e-mails are fake, even though they look real.
If you get e-mail from what you think is, say, Citibank, asking you to verify your password (yeah, right), call Citibank directly. Or go to the Citi Web site yourself–though not by clicking on the e-mail-embedded link.
Read your statements right away, and carefully. You have 60 days to report suspicious checks or withdrawals if you want the bank to investigate false charges.
Use a credit card instead of a debit card for online transactions. Debit cards don’t have the same anti-fraud controls or protections as credit cards. Most banks will remove fraudulent debit-card charges, but that can take so long you’ll have bounced a mortgage check or two before it gets straightened out.
