Even if a web page starts with "https" and contains a key or closed padlock, it's still possible that it may not be secure. Some phishers, for example, make spoofed websites which appear to have padlocks. To double-check, click on the padlock icon on the status bar to see the security certificate for the site. Following the "Issued to" in the pop-up window you should see the name matching the site you think you're on. If the name differs, you are probably on a spoofed site. - Sec.gov
Phishing scams use fraudulent emails and fake web sites, masquerading as legitimate businesses, to lure unsuspecting users into revealing private account or login information. To be safe, if you receive an email from a business that includes a link to a web site, make certain that the web site you visit is legitimate. Instead of clicking through to the site from within the email, open a separate Web browser and visit the business’ web site directly to perform the necessary actions. You can also verify that an email is in fact from a legitimate business by calling the business or agency directly. - mcafee.com
Don’t fill out your social media profile.
The more information you share online, the easier it’s going to be for someone to get their hands on it. Don’t cooperate.
Take a look at your social media profiles and keep them barren—the people who need to know your birth date, email address and phone number already have them. And what exactly is the point of sharing everything about yourself in your Facebook profile? If you care about your privacy, you won’t do it. - time.com