Phishing scams are fraudulent e-mail messages appearing to come from legitimate sources like your bank, your Internet Service Provider, eBay, or PayPal. These messages may direct you to a fake web site and ask you for private information (e.g., password, credit card, or other account updates). Legitimate companies will never ask you to provide your user name, password, or bank account information in an e-mail message.
There are often signs that can tip you off that a message may not be what it appears. The hints below can help you avoid "taking the bait."
Can you spot a phishing e-mail? Take this short quiz to find out.
To avoid phishing scams, never click the links provided within these types of e-mail messages. If you feel the message may be legitimate, go directly to the company's web site by typing it in your browser or contact the company by phone to see if you really do need to take the action described in the e-mail message. Delete the e-mail message from your Inbox, and then empty it from the deleted items folder to avoid accidentally accessing the fraudulent web sites it contains.
If you use Internet Explorer as an internet browser, you should enable the Phishing Filter. This feature enables a portion of the web browser to change colors to signify that the page you're on is a known phishing site.
Firefox has a similar feature. To turn on this feature go to: Tools > Options > Security. Check Block Reported Attach Sites and Block Web Forgeries.
If you do fall victim, tips for damage control are available on the OIT Security Center
For avoidance tips, more info and examples try these sites:
You can report these phishing scam attempts to the company that's being spoofed.