Quoted from Hong Kong InfoSec website https://www.infosec.gov.hk/
Protecting Against Phishing Attacks
Preventive Measures
Do not follow URL links from un-trusted sources or emails such as spam emails to avoid being re-directed to malicious websites by malicious links looking seemingly legitimate.
Do not visit suspicious websites or follow the links provided in those websites.
Do not follow links to log on banking or financial organisations from search engines result.
Open email attachment with extreme care. Always check the attachment's extension. Never open attachment with "pif", "exe", "bat", ".vbs" extension.
Type the URL manually or follow the bookmarks you have made previously when visit websites.
Avoid conducting online banking or financial enquiries/transactions from a public terminal or unsecured terminals such as those terminals in cafe shops or in libraries. Hacking or Trojan programs may be installed to these public terminals.
Do not open other Internet browser sessions and access other websites while you are performing online financial transactions/enquiry through the Internet. Remember to print or keep the copy of transaction record or confirmation notice for checking.
Always be wary when giving off sensitive personal or account information. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organisation if in doubt.
Always ensure that your computer is applied with the latest security patches and virus signature to reduce the chance of being affected by fraudulent emails or websites riding on software vulnerabilities. This also helps to protect your computer from other security or virus attacks.
Review your credit card or bank account statements as soon as you receive them to check for any unauthorised transactions or payments.
Log into your accounts regularly to check for the account status and last login time to determine whether there is any suspicious activity.
Verify the legitimacy of the website of an organisation such as banks by contacting the organisation through its address or telephone number.
Responsive Measures
Change the password immediately if you suspect that your have already been defrauded (e.g. responded to phishing emails or supplied your personal/financial information to the fraudulent websites). Check your account status and contact the relevant organisation and/or report to the police immediately.
Send the phishing emails to the relevant organisation and/or the police for their investigation.