Phishing is a kind of e-mail fraud where the perpetrator sends out legitimate-looking e-mails that appear to come from well-known or trustworthy Web sites in an attempt to gather personal and financial information from the recipient.
 
Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers; personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.

Types of messages to look out for:

• Promotions, giveaways, urgent or special notifications
• Account suspensions, upgrades, violations, maintenance, or suspicious activity
• Verification of any personal or financial information
• E-mails claiming suspicious activity, use of your account, hacking, or fraud
• eBay/Paypal scams such as winning an action, payment of an auction, or request for money transfer
• E-mails offering advice, or protection against Phishing, or Fraud
• Donation e-mails asking you to give, verify, or provide further information
• Any e-mail that request your user name or password
• Any financial institution requesting anything, except for you to call them

If you are unsure whether an email is actually real or is a phishing attempt, contact the business it's representing (such as PayPal, for example) by going to their actual website and contacting them directly. Do not click or follow the links on the email if you have doubts about its authenticity, or reply to the email address it appears to come from.

If you have identified a phishing attempt, please report it so that other people can be protected from being defrauded. You will need to notify the company that is being impersonating and will likely be asked to forward the email to them so that they may investigate.