How to Avoid Taking the "Phishing" Bait

One of the more sinister and increasingly prevalent methods of identity theft is the practice of "spoofing" or "phishing," involving the sending of e-mails that mirror the appearance of a popular Web site or company in an attempt to commit identity theft. Phisher e-mails claim to be sent by a legitimate company and ask consumers to reply with personal information, such as their credit card number, social security number and account password.

In response to the sharp increase in e-mail phishing, TRUSTe today released five rules to help consumers detect and avoid phishing scams:

1. Be suspicious of urgent demands for information. Often spoofed e-mails will make some form of urgent request. For example, the e-mail will claim that your account will be terminated if you fail to confirm, verify or authenticate your personal information.
2. Look for misspelled words or grammatical errors in the message and/or hyperlink. Blatant misspelled words and/or grammatical errors are common in spoof e-mail scams.
3. Avoid e-mailing personal and financial information. Before submitting financial or account information to a Web site, look for a third-party privacy seal to ensure that the transaction is secure. Also avoid volunteering private information like passwords or a personal social security number.
4. Be watchful of general greetings. Many spoof e-mails begin with a general greeting such as "Welcome eBay User" rather than directly addressing the registered user by name.
5. Contact the company directly. If you have any doubts about an e-mail or Web site, feel free to contact the company directly to verify Web site/e-mail credibility.

TRUSTe encourages consumers to choose Web sites for online commerce carefully. Only make purchases only from companies that take identity threats seriously. We advise that consumers work with companies that have taken steps to correct any challenging situations and demonstrated their support by countering cybercriminals engaged in phishing activities.