Phishing. What is it?
Phishing refers to creating an imitation of an existing legitimate Web page or the use of email to trick users into providing sensitive personal information. This method of identity theft is rapidly increasing both in number of incidents and sophistication. Many attempts to gain information for identity theft appear quite legitimate.
Phishers send an email or pop-up message that claims to be from a business or organization that you deal with; for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to “update” or “validate” your account information. It might threaten some dire consequence if you don’t respond. The message directs you to a Web site that looks just like a legitimate organization’s site, but it isn’t. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name.
Legitimate business don't ask for this information online. If you have concerns about your account, you should contact the organization in question through other means. To be safe, you should not respond to messages of this type or click on any url in the message. Because simply clicking on the url (especially for windows computers) can introduce viruses or other malware to your computer, it is important that your virus protection be kept up to date.
For more information about phishing see:
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm from the FTC
http://www.antiphishing.org/ an industry and law enforcement group
Spyware - This is software that sends your personal information to a third party without your permission or knowledge such as Web sites visited or your user name and password.