Phishing is a social engineering technique that attempts to fool a user into disclosing sensitive information. It is normally carried out through email or instant messaging (IM): the user is led to enter details on a fraudulent website or to supply them in a reply to the original email or IM. The sensitive information an attacker tries to obtain from trusting users includes usernames, passwords, and credit card details. Phishing is one of the most successful methodologies for theft.
To counteract phishing attempts, it is important to be aware of these techniques. A general rule is not to give any sensitive information to untrusted sources. Never access a trusted source by clicking on a link in an email or instant message. Trusted organizations will generally never ask for username and password information, as this type of information is kept strictly confidential. These organizations will generally confirm your identity through other means that stop short of asking for usernames and passwords.
Another measure, this one technical, that has become successful in recent years in combating phishing attempts is software that tests the sites a user visits. If a site that comes up in the browser appears to be fraudulent, this anti-phishing software notifies the user and prevents them from going to the site. Although the best course of action is user awareness, anti-phishing software has been successful in protecting users from being fooled into giving away sensitive information.
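
The text above does not say how such software decides that a site is fraudulent. As an added example (not taken from any particular product), the Python below shows one simple way to test a URL before it loads: a list of reported sites, a list of trusted sites, and checks for addresses that imitate a trusted one. The domain lists, the `check_site` and `registrable` names, and the 0.85 similarity threshold are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample data; a real product would use maintained feeds.
TRUSTED = {"examplebank.com", "example.org"}   # sites the user really uses
BLOCKLIST = {"login-check.test"}               # sites reported as fraudulent


def registrable(host):
    """Last two labels only; an approximation (real tools use the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def check_site(url, threshold=0.85):
    """Return ("allow" | "block", reason) for a URL the browser is about to load."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "block", "no hostname in URL"
    if parts.username is not None:
        # Text before '@' is not the site; the real host comes after it.
        return "block", "URL hides the real host behind '@'"
    domain = registrable(host)
    if domain in BLOCKLIST:
        return "block", "site is on the fraud list"
    if domain in TRUSTED:
        return "allow", "trusted site"
    for good in TRUSTED:
        if good in host:
            # A trusted name used as a prefix or label of someone else's domain.
            return "block", f"'{good}' embedded in a different domain"
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            # Nearly identical spelling, e.g. a digit swapped for a letter.
            return "block", f"lookalike of '{good}'"
    return "allow", "no fraud indicators"


if __name__ == "__main__":
    samples = [  # constructed URLs
        "https://www.examplebank.com/login",
        "http://examp1ebank.com/login",
        "https://examplebank.com.account-check.test/",
        "https://examplebank.com@signin.test/",
        "https://weather.test/",
    ]
    for u in samples:
        print(u, "->", check_site(u))
```

A "block" verdict corresponds to the notify-and-prevent behaviour described above; an "allow" verdict only means none of these checks fired, which is why user awareness remains the first line of defence.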