According to the Wikipedia, Phishing (pronounced FISH.ing) is a form of social engineering, characterised by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an email or an instant message. The term phishing arises from the use of increasingly sophisticated lures to “fish” for users’ financial information and passwords.

COMPUTERWORLD’s DEFINITION: “Phishing is a technique used to gain personal information for purposes of identity theft, using fraudulent e-mail messages that appear to come from legitimate businesses. These authentic-looking messages are designed to fool recipients into divulging personal data such as account numbers and passwords, credit card numbers and Social Security numbers.”

WARNING: None of the emails below are legitimate emails from the companies they seem to represent. All of them are bogus and attempt to solicit account information from customers of the target companies. No legitimate emails from these companies would ask you to verify your account information in this manner. Note that most of the links in these emails do not go to the real companies websites, but rather to some other website where a fake input form is used to collect the customers account information.

Whenever you are inboubt about an email that appears to come from a company with whom you have an account, do one of the following:

1. Call the company to verify that the email was sent by them.
2. Forward the email to an email address from the company that you know is valid and ask for verification. Don’t use any email address that is supplied in the email you received.
3. Type the company’s URL directly into your Browser’s URL address box (don’t use any links in the email that was sent to you). Logon to your account and check if your account is working properly. Look to see if the company has an address where you can report suspecious emails or mailings and forward the email to that address.

Phishing Email Example 1:

The following example was received 12/14/05 and targets USAA customers. Note that the link provided in the email does not go to a USAA website. However, even if it did seem to point to a USAA website, the link could be descised through several methods using HTML email to actually be pointing to somewhere else so don’t ever assume that the links are really pointing to the legitimate company website even if they seem to be doing so. USAA will NEVER send their customers an email similar to the one below asking the customer to enter their account information for verification.

Dear USAA Member,

During our regular update and verification of the accounts, we could not verify your current information. Either your information has changed or it is incomplete.

As a result, your access to online banking on USAA has been restricted. To start using fully your online account, please update