All of us, at one point or another will get hit.

1 - But, before you respond to any request for personal information, regardless of who is asking for it, Chase, Paypal, Discover.... goto the email that sent you the request, press "show details" and voila', an email that resembles the one you expect but not it!!, They still cannot reproduce the real email of the company they are pretending to be!!

2 - I have learned never to respond to ANY request of personal information, and if I do, I check the email that sent it. Still, the best way to avoid it is to ignore the request and then go to the company website directly and find out if they really need the info-=That never fails.