Following the definition from the website http://www.webopedia.com, phishing is the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus and set up only to steal the user's information.
To protect themselves against phishing, users should follow some recommendations:
- Never open an e-mail from an unknown sender
- Take care about which kind of attachments you are going to open
- Use Firefox instead of Internet Explorer
- Keep your web browser always updated
- Use a good anti-virus and update it daily
- Never click on links to go to a website; always prefer to type the address yourself
- Pay attention to the padlock icon that appears in the browser when entering a protected website
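The advice to type addresses yourself instead of clicking exists because the visible text of a link and its real destination can differ. As an added example (not from the original page), this Python script extracts every link from an HTML e-mail body and flags those whose displayed text names one host while the href points to another, or whose target is a bare IP address; the e-mail body is a constructed sample and the host names in it are placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample e-mail body (placeholder hosts): the first link shows the
# bank's address as its text but its real href goes to an unrelated IP address.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your account details at
<a href="http://198.51.100.7/update/">https://www.examplebank.com/login</a>
or visit <a href="https://www.examplebank.com/help">our help page</a>.</p>
"""


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lower-cased host part of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def suspicious_links(html):
    """Return hrefs whose visible text is a URL on a different host, or whose
    target host is a bare IPv4 address (a common sign of a throwaway site)."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        target = _host(href)
        shown = _host(text) if re.match(r"https?://", text) else ""
        if shown and shown != target:
            flagged.append(href)          # text says one site, href says another
        elif re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", target):
            flagged.append(href)          # link straight to an IP address
    return flagged
```

Running `suspicious_links(SAMPLE_EMAIL_HTML)` returns only the first link; the second link's text and href agree, so it passes.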
In the blog post http://www.jgc.org/blog/2006/09/watching-phishing-attack-live.html the author describes, step by step, a phishing attempt against his blog.
Another web site, http://www.cs.utoronto.ca/~ronda/itrustpage/screenshots/index.html, has a huge collection of screenshots from real phishing attacks. They also offer a free anti-phishing software under the GNU GPL.