Do’s & Don’ts for
Online & Email Safety


Exercise extreme caution around any “urgent” requests that demand immediate action or response — or threaten negative consequences

Check the sender of all emails carefully to ensure it’s from a trusted source and legitimate domain, like (not or

Examine all emails carefully for proper grammar, spelling and punctuation. Does it look and sound like the type of email you usually receive?

Create a strong and unique password or passphrase

  • Avoid common words or numerals (password, 1234)
  • Never include personal information (date of birth, pet’s name)
  • Avoid famous quotes or well-known sayings

Use Multi-Factor Authentication (MFA or 2-step authentication) on all email and social media accounts

Make sure your systems and software are up to date

Report suspicious emails or requests to


Do not reply to any email that you think may be a fraud

Do not click on links or open attachments from unknown sources

Do not use a different email or phone number if it is not how you usually contact a company or individual

Do not use the same password for multiple accounts

Do not share your password, user ID or security question(s) with anyone

Do not send any confidential information (e.g., user ID, password, account number, etc.) via email unless it is encrypted


Mosaic will never ask you for your password

Mosaic will never send you an email threatening to disable your account if you don’t change your password immediately

Mosaic will never reach out to you requesting a loan payment via a mobile payment app, credit card or debit card

Additional Resources

Federal Trade Commission Consumer Advice