The best way to avoid becoming a phishing victim is to remember that real companies almost never send e-mail asking you to submit personal data. The message might include fancy graphics, trademark symbols and an authentic-looking e-mail address in the "from" line, but all of that can be easily faked. Here are some easy ways to tell:
* The message tries to scare you into giving up personal and financial information by saying that your account needs to be verified, updated or confirmed.
Transcript: Brian Krebs hosted Dave Jevans, chairman of the Anti-Phishing Working Group.
* The message threatens negative action -- canceling your account, for example -- if you fail to take the requested action immediately. If you think the message may be legitimate, contact the organization by phone or open a new Internet browser window and type in the company's Web address. Do not cut and paste material from the suspicious message!
* The message appears to come from a company you do business with, but it calls you "Dear Customer" instead of your name.
The Federal Trade Commission and the Anti-Phishing Working Group also offer tips on avoiding falling prey to phishing. Visit their Web sites for additional information.
EarthLink offers a free "ScamBlocker" toolbar that you can install on your Internet browser. It alerts you before you visit pages that are on the company's list of known phisher Web sites. EBay, one of the top targets for phishers, has a similar toolbar.
-- Compiled by Brian Krebs, washingtonpost.com