A momentary lapse led a client to respond to an e-mail from Wells Fargo, clicking on a link and filling in account information on the login page.

The message wasn’t from Wells Fargo, the account information went to sophisticated criminals overseas, and a lot of money was moved out of the client’s bank accounts in the next two hours.

I’ve got basic information about phishing on this page. Phishing is potentially more devastating than anything that a virus or spyware can do to you. Institutions, vendors, and banks simply cannot and do not use e-mail to send anything unsolicited to you that requires a response. If you get an e-mail message in response to something you began, that’s fine – but never, ever should you respond to anything else by clicking on a link or replying to a message. Let’s put that in bold print:

No institution or vendor will ever contact you by e-mail regarding personal information or account information, except in response to something you have initiated. Assume that every unsolicited request is fraudulent.