We've all received those annoying spam messages in our inbox — Reduce your debt; Lose weight while you sleep — the type of messages you instantly delete. You've probably also noticed another type of spam lurking in your inbox, disguising itself as an e-mail from a trusted, legitimate source, like a bank or Internet Service Provider (ISP). Upon opening the message, you are asked to provide some personal information, such as a credit card number, a social insurance number or a password.

Another scenario is an e-mail that directs you to a website that appears to be affiliated with a well-known company, where you are also asked to reveal your personal information.

Find out what phishing is all about

It's important to be aware of these fraudulent messages because if you inadvertently respond to one, you have been "phished."

A phisher is an Internet scammer who uses an e-mail lure to fish for personal information like financial data and passwords. While NZ companies are targeted less than American ones, New Zealanders still get hit with phishing scams every day.

Based on a survey by American research firm Gartner, an estimated 57 million American adults received e-mail attacks from phishers, and about three per cent of those attacked remember offering personal information like credit card numbers and billing addresses.

Learn to identify a fraudulent e-mail immediately

Keep in mind it is extremely unlikely that a major institution, like a bank and Internet Service Provider, or auction website, is ever going to e-mail you to urgently request sensitive personal information. One of the main problems with e-mail from phishers is that messages can appear to be authentic because they try to replicate the logo and other branding attributes of the institution.

Some are easy to spot because they aren't very well done and have a lot of spelling and grammatical mistakes. The following tips will help you to identify a potential scam:

• Look at the address beside the sender's name in the e-mail message.
• If you're redirected to a website, look closely at the actual URL to confirm it's legitimate.
• Be very suspicious of any e-mail that asks for personal information.
• When sharing any sort of personal information use the same amount of caution in the online and offline world.
• Never give out your banking information, pin numbers, or passwords.
• If you have any doubts about the validity of an e-mail, contact the organisation to confirm. Use a phone number you know is legitimate, as any links or information that are included in the e-mail are likely to be fraudulent.
• If your still unsure, there are several organisations such as NetSafe that are dedicated to helping out people who have been scammed. You can contact Netsafe toll free on 0508 NETSAFE (0508 638723) or email queries@netsafe.org.nz

The yellow padlock helps to indicate a site is secure

To ensure you're on a safe website, look for the locked yellow padlock icon in either the bottom right-hand corner of your browser, or within the address bar (as shown above). This indicates if a site is encrypted. Click the lock to see details on the security certificate. The information shown should match the site you think you are on. Additionaly, always protect yourself with a firewall, keep antivirus and anti-spyware software up to date, and regularly run a windows update.

OneCare

Another helpful tool in the fight against phishing is Windows Live OneCare. Its integrated anti-phishing technology helps you stay safe from e-mail scams.

OneCare monitors your PC to make sure you have Internet Explorer's Phishing Filter turned on. The filter notifies you when you've landed on a suspected phishing web site, warning you not to enter any sensitive personal information. For more information on Windows Live OneCare click here.

Find out how you can have a Better, Safer Browsing with Internet Explorer 7

Also read about How to Recognise a Phishing Scam E-mail.

Read more articles on Security...