Don't Take the Bait.

Criminals Use Fake Emails to Phish for Your Information.

What is Phishing?

Online fraud and identity theft are on the rise, and cyber criminals may try to steal your personal information by tricking you to click on a fake email that looks legitimate. Phishing emails often ask for personal information to gain access to your financial assets, to place malicious code into your computer or to steal your identity. Be wary of any emails requesting personal information like account numbers, passwords, credit card information or Social Security numbers.

Criminals design these messages to trick you, so they may look like real messages from companies you trust, but with fake web links, phone numbers, and attachments. This method of email fraud is called phishing. Be cautious of emails you are not expecting asking you to click any links or open attachments.

Phishing Facts

  • Phishing scams can appear as emails from brands you trust.
  • As many as
    of all successful cyberattacks are initiated via a
    phishing email1
  • 74%
    of U.S. organizations experienced a successful phishing attack in 20202
  • Phishing accounts for 90%
    of data breaches3
  1. Splunk Top 50 Security Threats Report 2020
  2. Splunk Top 50 Security Threats Report 2020
  3. Cisco 2021 Cybersecurity Threat Trends Report

How to Identify a
Phishing Email.

  • Poor spelling or grammar
  • Generic or non-personal greetings
  • Requests personal information (passwords, financial information, etc.)
  • Unusual or unnecessary sense of urgency
  • Offers that are too good to be true
  • Emails that instruct you to transfer money or to change wire instructions

Validate any links by hovering your mouse over the link without clicking to confirm it points to an address you expect.

'FA-Secure' emails will only point to the sites listed below.


Tips for your Technical Team.

If you are part of a professional organization that manages security, you can ask your technical team to enable some additional settings to defend against phishing.

  • Multifactor authentication (MFA) can help protect your network, email and other core systems. MFA makes it harder for attackers to compromise both your password and the second authentication factor to obtain access to your accounts. Leading practice is to separate the factors to something you know (like a password) and something you have (like a mobile phone) to make it more difficult to compromise both.
  • Emails from entities outside your organization can be labeled with external tags (in the subject line or banners on the email). This helps your organization more easily identify emails which may require more scrutiny.
  • DMARC is an email protocol that can be enabled to verify the validity of the sender. First American takes email security seriously and as a part of our commitment to our customers, we authenticate all legitimate emails. We encourage our partners to reject any messages you receive from our domain that do not pass these DMARC enforcement policies.

What to Do if You Receive a Phishing Email.

If one of these suspicious emails should arrive in your inbox, here are some steps you can take to protect yourself.

  • Never Click a Link Without Checking: Hover your mouse over the text of the link without clicking to verify the true destination of the link. The true link address will be displayed in the lower right corner of your browser.
  • Keep Your Systems Updated: Be sure to keep your operating systems, browsers, email software, virus protection and apps updated with the latest versions. These updates will often contain fixes for certain vulnerabilities that fraudsters may try to exploit.
  • Be Careful With Attachments: If you are not confident that the sender is legitimate and the attachment is secure, call the sender through an independently verified telephone number and confirm they actually sent the email.
  • Report Suspicious Emails: Most email software (Microsoft Outlook, Gmail, and others) have functions that allow you to report suspicious emails and provide details of the email. You can also report any fraud attempt to the Federal Trade Commission (FTC).

Do not click links in or reply to suspicious emails. Call the supposed sender through an independently verified telephone number and delete the fishy email.

Report Suspicious Email.

It might be difficult to tell whether an email is truly from a company you trust or just looks like an authentic communication. If you receive a suspicious email that appears to be sent from First American, please forward the message as an attachment to, and we can help you verify it.

Please follow the steps below, and our security experts will investigate. These steps may take a few extra minutes but your help reporting phishing emails protects everyone.

How to Forward Your Suspected Email.

To enable our investigation, we need to receive the suspicious email as an attachment. For your convenience, we've included some instructions from some common email providers. You can also find the most current instructions from your email provider's support center.

Outlook 2019, 2016, 2013, 2010, and Outlook for Office 365 1

  1. Select the email you want to forward, then go to the Home tab.
  2. In the Respond group, select More Respond Actions. In Outlook 2010, select More.
  3. Select Forward as Attachment.
  4. In the To text box, enter
  5. You may enter the Subject as "Potential Phishing Email" or a different Subject of your choosing.
  6. Do not include any sensitive personal information in the email body.
  7. Click Send.

Gmail 2

  1. In Gmail, select the email you want report.
  2. Click the More icon and then click Forward as attachment.
  3. In the To text box, enter
  4. You may enter the Subject as "Potential Phishing Email" or a different Subject of your choosing.
  5. Do not include any sensitive personal information in the email body.
  6. Click Send.

1 - Reference link:

2 - Reference link: