Phishing (or hoax) emails appear to be from a well-known company, but can put you at risk. Although they can be difficult to spot, they generally ask you to click a link back to a spoof web site and provide, update or confirm sensitive personal information. In order to bait you, they may allude to an urgent or threatening condition concerning your account. Even if you do not provide what they ask for, simply clicking the link could subject you to background installations of key logging software or viruses. Every business on the Internet is a potential victim of phishing email attacks, which erode customers' trust in the company's communications.
Phishing, according to H. Buss, is one of the most serious types of email scams associated with spoofing. Phishing occurs when an email sender makes an email appear to be from a legitimate source in order to gather information like usernames, passwords, credit card information, and other private data. Emails designed to mislead email users into inputting private data often look almost exactly like real emails sent from the company, down to the appearance of the company website and the company email and logo. These scam emails are usually made to look like a commonly used company or service like a bank, credit card company, or online florist. Though most phishing emails are sent out at random to any email address the spammers were able to gather, some spammers target specific groups of web users whose email contact information may have been accidentally breached or sold by a company that legitimately collected the email address. (H. Buss in wiseGEEK)
Defences against Phishing Scams
The following are some best practices to avoid being caught by phishing scams:
1) Do not respond to emails that request personal information (such as passwords), or follow URL links from untrusted sources and suspicious emails. In this way, you can avoid being re-directed to malicious websites by links that seem legitimate.
2) Verify the legitimacy of websites for organizations such as banks by contacting the organization by traditional mail or telephone.
3) Type the URL to the desired website manually, or use bookmarks you have saved previously when visiting important or crucial websites.
4) Log into any online accounts you have regularly to check the account status and last login time, and determine whether there has been any suspicious activity.
5) Always be wary when giving sensitive personal or account information over the web. Banks and financial institutions seldom ask for your personal or account information through email. Consult the relevant organization if in doubt.
6) Always ensure your computer is updated with the latest security patches and virus signatures. This will reduce the chance of being affected by fraudulent emails or web sites riding on software vulnerabilities. This also helps protect your computer from other security or virus attacks.
7) Consider using desktop spam-filtering products to detect and block fraudulent emails; however, beware of false alarms.
8) Send any phishing emails you receive to the relevant organization and also the police for further investigation.
Courtesy: Legal Point Foundation