If you think phishing is something you do with your grandfather, you'd better pay attention. Ever since email became a common communication tool, people have found ways to abuse it, largely by phishing for your personal info with fake emails. Falling for this kind of email bait can allow ID thieves to easily steal your money. Don't take the hook. It is easy to identify and avoid phishy email.

Phishing is the term for email fraud, when scammers lure Internet users into revealing personal information in order to break into their accounts (it can also refer to pop-up messages with the same goal). Phishing attacks commonly come in the form of an email reporting a false threat or problem to one of your personal accounts. ID thieves often pretend to be major financial groups or other popular websites such as PayPal or Amazon, to name just a few.

Usually, the message will have a link that directs you to a website that may appear to be the legitimate financial institution or business the email is referring to–but it isn't. The websites are actually spoof sites that thieves use to intercept your personal account information when you log in. Many consumers are taking the bait because the spoof sites are so realistic.

Once the phishers obtain your information, they can do just about anything with your info. They can use your financial accounts, create new accounts, apply for credit cards under your name, or assume your identity outright. Recently, MySpace users and other social networking sites have been attacked. Think of all the personal information someone could get from your profile (or your friends' profiles) if they got into your MySpace account.

According to Message Labs, a messaging expert, the 2006 global phishing rate was 1 in 274.2 messages. So if you get 300 messages per month, you can probably expect at least one phishing message in that period of time. If you get a lot of phishing messages, you should consider changing your email address.

Sounds scary, right? But by taking the right precautions phishers can be easily foiled. The best things to do are:

* Don't respond to any emails that ask for personal or financial information. If a business or organization emails you about an emergency with your account, call them directly to verify.
* Never use links in an email to get to your online account–this could lead you to a phisher's spoofed site.
* Make sure you have online access to your accounts so that you can check for suspicious activity in between paper statements.
* Know that most legitimate businesses won't demand that you surrender your personal information in an email.

Learn more about phishing at onguardonline.gov. Also check out consumer.gov/idtheft for information from the Federal Trade Commission about phishing.

 

Sources: onguardonline.gov; ftc.gov; antiphishing.org; messagelabs.com; informationweek.com