Section 8 - What is Phishing?

Phishing is an attempt to get you to reveal logins, passwords, account numbers and other personal information. Phishers send an email or pop-up message that claims to be from a business or organization that you deal with - for example, your Internet service provider (ISP), bank, credit card company, online payment service (such as PayPal), or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you do not respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it is not. The purpose of the bogus site is to trick you into divulging your personal information so the phishers can steal your personal information.

How do I respond to a phishing attempt?

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on the link in the message. Legitimate companies do not ask for this information via email. If you are concerned about your account, contact the organization in the email using a telephone number you know to be genuine, or open a new Internet browser session and type in the company's correct Web address. In any case, do not cut and paste the link in the message.