One day, just normally going through your email, you come across an urgent notice from an online service or store that you’re registered with. There’s been some trouble with your account, it says, and if you click this link and fill out a security form, it’ll all be straightened out. Or perhaps it’s an email saying you’ve won an online lottery, and if you respond to this email now you could win ten million dollars. They look just like any normal email. They might even have company logos on them. The links take you to websites that look identically to the online company websites you’ve visited before.

They’re not any ordinary emails. They’re baited hooks from identity thieves. They’re phishing for your personal information (social security number, bank account number, credit card number, passwords, etc) with brilliant mimicry and hoping you’ll take the bait. With your numbers, they can not only drain your savings, but make you responsible for things you’ve never paid for. It can be a long, hard haul to convince bill collectors and banks that you are a victim of identity theft.

The World Wide Web is full of constant and ever changing jargon. Phishing might also be called “brand spoofing” or “carding”, but the term has gained prominence in the last few years. The fishing word makes sense – you trick a fish in order to catch it. But where did the “ph” come from? It seems hackers themselves spelled it that way, possibly in respect to “phone phreaking”, an early form of hacking utilizing public phone lines.

But whatever you call online identity theft, there’s no need to panic. You just need a little of your own common sense and the tips in this article to protect you from anything that smells “phishy”.

First, ask yourself, “Is this too good to be true?” If you receive an email saying you won a lottery you’ve never heard about, that definitely is a big blinking neon warning sign. Most lotteries in the world will NEVER send an email or phone call saying you’ve won, what amount you’ve won and could you send us your back account number for direct deposit? Also, check the spelling and grammar – that can be a dead giveaway that you have a phishing email before you.

Next, is it saying there’s a security problem of some sort? Is your account due to be restricted, terminated or screwed with form or another? And if you click this link and tell security your password and credit card number, all will be made well? That is a phishing email, too.

For example, I received several of these notices from PayPal. Just out of curiousity, I clicked the link. The website looked identical to PayPal’s webpage – almost. The URL was just slightly different, flashing a completely different URL before the URL I expected. They demanded my credit card number. Well, you don’t need a credit card to set up a PayPal account – why would they need one now?

If you suspect you’ve received a phishing email, contact the real company. Don’t use any email addresses or URL’s form your suspect email. Most companies, services and national lotteries will have detailed and easy to follow instructions for what you should do with the email. Some companies will tell you to ignore and delete it, but others will ask for a copy of your email so they can work on phishing out the “phishermen”.