Phishing is an email technique used by people who try to obtain your personal and financial information so that they can then purchase products or open up credit lines in your name. The emails they send are designed to deceive you and often look as if they came from a credible source.

Over the years, I have received dozens of emails that look like they came from departments in real companies such as eBay, Paypal, Amazon, etc. Sometimes the emails look like they cam from the security department or sometimes they look like they came from the “Account Team”.

There are obvious components of fraudulent email that all phishers will use to obtain your trust and personal information.

1. The From line. Often times the “From” line will include an official-looking email address that is different by one or two characters from a real department in a legitimate company that you may or may not be doing business with.

2. The Email Greeting. If your email starts off with a “Dear Sir” or “Dear User” then you know that the sender of the email does not know you by name. A legitimate source will contact you with the proper salutation which includes at the very least your last name.

3. A Warning Message. Phishing emailers will try to create fear or panic by stating that the message is urgent and that if you don’t act soon you will lose account privileges or you will soon be unable to access your account altogether. To keep your account open and accessible you are requested to please login and verify your account by providing private information.

4. Fraudulent Links. You may be asked to click on a reasonable looking link that takes you to a website that also looks legitimate. Clicking on the link will take you to a site that asks for your personal information or, worse, launches a virus. Never click on links if you suspect a false email source.

5. Attachments. Never click on an attachment if you do not trust the source. As with fraudulent links, attachments can also be used to download spyware or viruses.

If you suspect you have received a phishing email send or forward the email to spam@uce.gov – and to the company or organization impersonated in the phishing email. You can also report phishing email to reportphishing@antiphishing.org. The Anti-Phishing Working Group is a consortium of ISPs, security vendors, financial institutions and law enforcement agencies that use these reports to fight phishing.

If you think someone has used your information to steal your identity then please go to the Federal Trade Commission’s Identity Theft website, ftc.gov/idtheft, to learn more about how respond to and recover from identity theft.