Phishing messages are designed to look as if they were sent from banks, the IRS, mortgage companies, brokerage firms, ISPs, or other legitimate organizations with which you may do business, such as Citibank, PayPal, eBay, etc.
Tactics are improving: these emails look like they really are from your bank, eBay, or PayPal. They’re using better grammar, more believable stories and better URLs. They’ll also try to get you to open the email by using subjects associated with a holiday or current events.
These phishing messages instruct you to respond either through email or through a website with account numbers, passwords, social security numbers, or other sensitive information. The message may ask you to “update,” “validate,” or “confirm” your account information or face dire consequences.
Keep your operating system, browser, antivirus and firewall software up to date so that your computer can help you in the fight.
Be suspicious of links, attachments and unexpected e-mail messages. Delete any email that asks you to enter personal information at a linked website. Access your accounts directly by typing the URL yourself.
Don't click on, or enter information in, pop-ups or ads.
Never email personal or financial information. Email is not a secure method of transmitting personal information. If you initiate a transaction and want to provide your personal or financial information through an organization's website, look for indicators that the site is secure, like a lock icon on the browser's status bar and a URL that begins with "https:" (the "s" stands for "secure").
Don't let your browser be "helpful" by allowing it to auto-fill forms or remember passwords. If your machine is compromised, the attacker will have all your information.
Use common sense. If it sounds weird or too good to be true, it probably is. Bill Gates is not sharing his fortune and they can’t track the email you forward!
Report phishing, whether you're a victim or not. Tell the company or agency that the phisher was impersonating. Most organizations have information on their websites about where to report problems. You can also report the problem to law enforcement agencies through the National Fraud Information Center/Internet Fraud Watch, www.fraud.org or 800-876-7060, TDD 202-835-0778. The information you provide helps to stop identity theft.