Phishing attacks use email or malicious web sites to solicit personal, often financial, information. Attackers may send email seemingly from a reputable credit card company or financial institution that requests account information. When users respond with the requested information, attackers can use it to gain access to the accounts. Be suspicious of unsolicited phone calls, or email messages from individuals asking about employees or internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.”]
Source: https://www.cuinfosecurity.com/tips-to-avoid-phishing-attacks-social-engineering-a-488