Fraudulent e-mails and web sites are designed to deceive you and can be difficult to distinguish from the real thing. You should be suspicious of any e-mail that requests your personal or account information.
Items to watch out for:
False sense of urgency. Many phishing e-mails try to deceive you with the threat that your account will be in jeopardy if it’s not updated right away or that it has been compromised.
Fake links. Check where a link is going by moving your mouse over the link in the e-mail and looking at the URL in the bottom bar of the browser. If it looks suspicious, don't click it.
Misspellings and bad grammar. Fake e-mails often, but may not always, contain misspellings, poor grammar, missing words, and gaps in logic.
Sender's e-mail address. To give you a false sense of security, the “From” line may include an official-looking e-mail address. The address may actually be copied from a genuine one.
Protect your online accounts:
Do not use links included in the e-mail. Open a new browser window and type in the URL you know to be correct.
Do not open attachments. Like fake links, attachments may be used in phishing e-mails and are dangerous. Opening one, even an image or PDF, could cause you to download spyware or a virus.
Call the company in question using a phone number you know to be correct. The person you speak with will most likely be able to confirm whether they actually need the information and if so, whether you can provide it over the telephone.
Use anti-phishing software. There are a number of programs available that will check the web address in question against a list of known phishing scams and notify you if the site appears there.
Update your computer with the latest browsers, upgrades and security patches. Some spoof sites are able to obtain your information through your internet host company's address if you simply visit the site.