Email—and most recently instant messaging (IM)—are vehicles for phishing attacks, a popular method of identity theft. Here's how it works. A fake email masquerading as a trusted source—a bank, retailer, government agency, or credit card company—leads to a fake Web site that looks just like the real one. When you get to the site, you're supposed to divulge personal information (including account information, passwords and PIN numbers), so the phishing scammers can steal your identity and drain your bank account.

Recently, a variety of phishing, spear phishing, has becoming increasingly sophisticated and common. Spear phishers targets a specific group. They've even hit MySpace, a social networking site. A spear-phishing message looks as if it comes from your employer, a coworker, or a friend. Think about it. We're more likely to be tricked by a phishing email if it contains targeted information about us—Hey Tom, It's Jake. We're mates from Highschool. Or Welcome Yolanda Juarez to our team. Or Install these new updates by January 30th.

It's Your Identity. Keep it.

Don't click on links within emails or IMs that ask for your personal information. If you follow the instructions, and enter your personal information on the Web site you're led to, you'll deliver that information directly into the hands of identity thieves.
Beware of pharming a form of phishing. With pharming, when you type in the address of a legitimate Web site, you're taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
Only open email attachments if you're expecting them and know what they contain. To be especially safe, use a good antispam filter to limit your exposure to spam email from phishers.
Know the person's identity before you provide any personal information. Legitimate credit card issuers and other companies don't ask for your personal information in email. Be safe. Ask for the person's name, the name of the agency or company, the telephone number, and the address. Then find out if they're legitimate.
Watch out for job seekers pretending to be potential employers, especially if they ask for your social security number and other personal information.
If you've provided account numbers, PINS, or passwords to a phisher, immediately notify the companies with whom you have the accounts. To find out how to put a fraud alert, contact the Federal Trade Commission's ID Theft Clearinghouse, www.consumer.gov/idtheft or 877-438-4338, TDD 202-326-2502.

Conclusion

We all enjoy the efficiency and freedom that email and IM offer. But there are scammers who take advantage of the medium. Fortunately, by staying vigilant, informed and by using security tools like Norton Confidential and Norton Internet Security, you can help reduce your risk.