"an attempt to acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication."
The most common form of phishing is when someone receives an "urgent" email asking them to take immediate action to prevent some impending disaster. Here are some examples:
"Our bank has a new security system. Update your information now or you won't be able to access your account."
"We couldn't verify your information; click here to update your account."
Once a person clicks on the provided link, they are taken to a webpage that looks exactly like the legitimate website they know (e.g. the website of their bank). Because the page looks familiar, people enter their username, password, or other private information on the site, not knowing that they have just given their information to someone unknown, who can now use it to hijack their account, steal their money, or open up new lines of credit in their name. They just fell for a phishing attack.
Google just issued a warning about these phishing emails on its official blog. According to this post, you can reduce the chances of becoming a phishing victim by following these steps:
- Be careful about responding to emails that ask you for sensitive information
- Go to the site yourself, rather than clicking on links in suspicious emails
- If you're on a site that's asking you to enter sensitive information, check for signs of anything suspicious
- Be wary of the "fabulous offers" and "fantastic prizes" that you'll sometimes come across on the web
- Use a browser that has a phishing filter
You can read the details of these steps here. In addition, there are several quizzes online to test whether you can differentiate between a legitimate webpage (or email) and a phishing one. Just type "phishing IQ quiz" in your favorite search engine, and enjoy!!