Imagine receiving an email from an online payment or shopping site in which you are a registered member. The email says something like this: "We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity." The transaction is for a large sum of money, so you panic, wanting to prevent this fraudulent purchase.

Or maybe it’s this message: “This is a notification of depleted funds in your account. Please confirm your payment information to prevent your account from being closed.” When you click, the page requests your full card number and expiration date and claims this is for verification purposes. If you give that information, you've just been phished!

Phishing is taken from the word “fishing,” because the perpetrators fish for people to give their personal information willingly. It is one of the most common methods of online theft, and anyone with an email account is a potential victim. It is particularly insidious because unlike conventional spam, which most people delete sight unseen, phishing emails appear to be sent from a legitimate domain address. Their messages also have the logo, template and website address that imitates the legitimate site. To the untrained eye, it can be impossible to discern the real from the fake.

One way to prevent phishing is to remember the process for logging in to a genuine site. In most cases, you have to enter an identification name and password. In a legitimate site, if you are registered member and a repeated shopper, all of your personal information is already stored. Your card number is on file and there is no need to reenter your information. Any page that asks such information should be a tip-off. If you have any doubts about the veracity of a letter, you may want to call or email the customer service department of your account. Don’t let phishers take you hook, line and sinker.