In computing, phishing is the act of attempting to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business with a real need for such information in a seemingly official electronic notification or message (most often an email, or an instant message). It is a form of social engineering attack. The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they “fish” for users’ private information and password data.
If you are contacted about an account needing to be “verified”:
- Do not click on any links within the message.
- Do not download any attachments with the message.
- Do not respond to the original message.
- Do contact the company in question directly, either by phone (using a number you know to be genuine, not one given in the message) or in person, and report the incident.
Be especially wary of an address containing the “@” symbol, for example http://www.google.com@members.tripod.com/. Such an address will attempt to connect as the user www.google.com to the server members.tripod.com. This will very likely succeed even if the user does not exist, and the first part of the link may look legitimate. The same is true for misspelled URLs or subdomains, for example http://www.yourfavbankdomain.com.spamdomain.net.
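The checks described above can be applied mechanically to a link before it is trusted. The Python sketch below is an added example, not part of the original page: the function names, finding labels, the 0.85 similarity threshold and the misspelled sample domain are assumptions made for illustration, and the two-label rule for the registrable domain is a simplification.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

def registrable(host):
    # Assumption: the last two labels are the registrable domain. Production
    # code should consult the Public Suffix List (e.g. for "co.uk").
    return ".".join(host.split(".")[-2:])

def inspect_link(url, trusted):
    """Return (real_host, findings) for a link that claims to lead to `trusted`."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    trusted = trusted.lower()
    if not host:
        return None, ["no-host"]
    findings = []
    # Anything before "@" is userinfo, not the destination server.
    if parts.username is not None:
        findings.append("userinfo")
    if host == trusted or host.endswith("." + trusted):
        return host, findings
    if "." + trusted + "." in "." + host:
        # The trusted name is only a subdomain label of another domain.
        findings.append("trusted-name-as-subdomain")
    elif SequenceMatcher(None, registrable(host),
                         registrable(trusted)).ratio() >= 0.85:
        # Near miss in spelling; 0.85 is an illustrative threshold.
        findings.append("lookalike")
    else:
        findings.append("foreign-domain")
    return host, findings

if __name__ == "__main__":
    # The first two URLs are the page's examples; the last two are constructed.
    samples = [
        ("http://www.google.com@members.tripod.com/", "google.com"),
        ("http://www.yourfavbankdomain.com.spamdomain.net", "yourfavbankdomain.com"),
        ("http://www.yourfavbankdomian.com/", "yourfavbankdomain.com"),
        ("https://www.yourfavbankdomain.com/login", "yourfavbankdomain.com"),
    ]
    for url, trusted in samples:
        print(url, "->", inspect_link(url, trusted))
```
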
Further information and advice on how to avoid phishing and what to do if you think you have been a victim of phishing can be found at the Anti-Phishing Working Group website.
Information from www.wikipedia.org and associated links.