Phishing is when you get an email (or sometimes a phone call) that asks you to confirm your bank account information or your social security number.  It's one of the most prolific types of fraud, making it quite a major problem.  The wife of the CEO of DreamHost recently fell for a scam that said she was owed a tax refund from the IRS.  All she had to do was go to a website and enter her credit card information and her social security number, which she promptly did.  Thankfully, the credit card was cancelled and nothing else happened.  But it was a pretty big mistake. 

What I don't fully understand is how people fall for these things.  Actually, I do understand:  People get an email from somebody claiming to be PayPal, eBay, or SouthTrust Bank, at which point they're asked to verify some information or fill out a form to receive money.  People don't want their accounts to be cancelled and they'll do pretty much anything for money, so they quickly comply.  It's actually a really good system.  Scammers know that there are people out there who are naive enough or ignorant (unaware) enough to give out important information on the internet, so it's just a matter of sending email to a large enough number of people.  The percentages work out:  If it's even 1% effective, that means out of every 1000 emails sent, the scammer will get 10 people's information.  Not bad at all. 

So I have some practical advice for how to avoid phishing attacks: 
1.  Never trust an email.  No bank will ever ask you to verify your information via email (when would a bank ask you to verify your information in the first place?).  The IRS will never notify you of a tax refund opportunity via email.  Basically, nothing important will ever happen through email.  It's just too unreliable.  Things get lost, caught in spam filters, or just ignored. 

2.  Be extremely cautious about entering your financial information and credit card number online.  For some things, it's necessary:  To sign up for PayPal, to transfer money to a different bank account, to get paid by selling things online, to buy things online.  But that's pretty much it. 

3.  Never enter your social security number into a website.  And by never, I mean pretty much never.  Again, it's sometimes necessary to enter your SSN for tax identification purposes if you're signing up for something that will earn you money.  But most other times (the extreme majority of times), it's not necessary. 
#technology