Phishing is an identity-theft scam that uses "spoofed" or fake emails and web sites to trick people into giving out personal information, such as credit card numbers, usernames and passwords, or social security numbers. Phishing is usually done by hijacking the brand identity of a bank or an online store in a spoofed email that is sent to large numbers of people. The email will usually contain a link to a Web page designed to look just like a legitimate company's site. A phishing scam will use this page to capture any information that you provide, then sell or use the information for malicious purposes.

What steps can I take to avoid phishing scams?

• Always be suspicious of any email asking for sensitive information.
  Remember that email is not a secure form of communication and there are virtually no companies that would ask for your password or account number through email. Phishers will usually include false statements that are designed to make you give up your information more quickly, such as "Your account is going to be terminated unless you respond immediately."
   
• Never respond to an email request for personal information. If you ever need to provide personal information like a credit card number, make sure you are using a secure, trusted website or call the company directly.
   
• Never follow the links in an email you suspect might be phishing. If you are unsure about a link to a site you receive in an email, log directly into the website by typing the address into your browser's address bar or call the company. Most companies will know if there is a phishing scam involving their company and be able to verify if the information in the email is real or not.
   
• Always make sure your operating system, antivirus software, and browser are up to date. Some scams use viruses or holes in the security of operating systems like Windows and browsers like Internet Explorer. You should always make sure you have the latest security updates installed on your computer. Information Technology works diligently to keep all servers and desktop computers updated with the latest security updates, anti-virus software, and anti-spyware. It is up to you to make sure your personal laptops and home computers are kept up to date.

I think I've been scammed. What should I do?

• Report it to the company immediately.
  If you have given out a password or account number or other personal information, make sure you contact the company as soon as possible. If your credit card number was stolen, the company can cancel the card and provide you a new one. Banks will often do the same if your account is compromised. Most companies are prepared to deal with these kind of problems and the sooner you report it the better.
   
• Report it to the FTC.
  Visit www.ftc.gov to report suspicious email. File a complaint if you've been scammed, and find out more information about minimizing the risk and damage of identify theft.

Additional Information about Phishing:

Phishing and Identify Theft
Video from Microsoft: What you should know about phishing identify-theft scams.

Anti-Phishing Working Group
Lists the latest phishing scams, information on protecting yourself, and what to do if you've been scammed.

Federal Trade Commission
An article by the FTC on how to not get taken by a phishing scam.

Wikipedia
An informative article about phishing, with a list of additional links to more information.