“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. A mock website is created that is similar to that of a legitimate organization, like a financial institution or a large internet store. An email is sent requesting that the recipient access the counterfeit website (which will usually be a replica of a trusted site) and enter their personal details, including security access codes.
The scam is particularly effective when the victim has recently done business with the legitimate company and assumes this email to be authentic correspondence. The term phishing arises from the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.
Always be suspicious of banking or store emails that contain requests to follow a link within the email.
While the email may look authentic, you can often determine the legitimacy of the email by verifying where the link contained inside the email is redirecting to. To do this, hover your cursor over the link and check that the displayed url near the bottom of the screen matches the one within the email. For example, the "phishing" email below displays a authentic-looking address for amazon.com, but within the link is a completely different address. In every circumstance, you should avoid clicking this link.
Generally, companies do not send emails that direct you to a login page. Check the website help/customer service area of the company website for reference to the company's policy for email communication. Many companies have created a page to help alert you of possible "phishing" emails that people have received and offer an email address to forward suspicious emails to.
Instead of clicking on a link within an email to visit a company's site, type the url into your web browser or do a Google search for the company's website. This way you can be certain that you will be logging into the legitimate site.
Type "amazon.com" into your browser's address bar instead of clicking the link in an email, then proceed to login.
PayPal phishing example
An example of a phishing email targeted at PayPal users.
In an example PayPal phish (below), spelling mistakes in the email ("no choise but to temporaly suspend your account"), and the presence of an IP address in the link visible in the tooltip under the yellow box ("Click here to verify your account") are both clues that this is a phishing attempt.
