Phishing or spoofing has been in the news recently, thanks to a number of online frauds that have hit the headlines. Chances are you have even received a few e-mails warning you not to disclose your bank details (such as your account number or online banking password) to what may seem like authentic bank e-mails.

Now while you may adhere to the instructions religiously for fear of losing your life's savings, you are probably not completely aware of what phishing is or how it can threaten your online identity, security and funds.

• Shopping online? 5 tips for a safer experience

So, to help you understand the threat better, we present the most frequently asked questions when it comes to 'phishing'.

My friend sent me an e-mail asking me to be careful about e-mails from my bank? Why is that?

What your friend is cautioning you about a phenomenon called phishing (pronounced fishing). It's important that you become familiar with the term. Phishing is an online fraud perpetrated to steal your identity and gain access to sensitive information such as your online banking username and password, credit card details etc.

So how exactly does phishing work?

A phishing attack could take many forms. You may receive an e-mail seemingly from your bank asking you to click on a link and update your username and password as part of its maintenance.

Or you may get a similar e-mail from your credit card company asking for your credit card and CVV numbers and other details. Such e-mails are most likely to have been sent by fraudsters, who will capture the data you enter to misuse your bank accounts or credit card details.

• How to protect your computer from Internet hackers

Phising attacks are not restricted to financial information, and often extend to identity theft. Spear fishing is an e-mail spoofing scam intended to compromise your corporate accounts through an e-mail that looks to have come from a colleague.  

So what could happen if I do fall for such a phishing attempt?

Several unsavoury things. For example, if you give out your credit card details, the phisher could use it to carry out fraudulent transactions on your card. Your online banking account can be similarly misused. Or you could end up on some e-mail marketer's list, and receive a lot of spam in your inbox, many of which may be malicious.

What are the ways in which you can fall for a phishing attempt?

There are lots of phishers out there thinking of diabolical new ways of deceiving you. The most common way of misleading users is by manipulating links. For instance, a malicious email purporting to be from your bank (let's say Feelgood Bank) may contain a link to www.feeelgoodbank.com (notice the extra 'e') instead of www.feelgoodbank.com. When you click on the former you are taken to a page that looks exactly like the real website, but actually belongs to a fraudster.

Another common trick is to try to deceive you with anchor text for a link. For instance, the email may encourage you to click on Feelgood Bank, only that the hyperlink leads to another totally different site, www.youvebeenconned.com.

• The Dummy's Guide to Social Networking Etiquette

Other ways of phishing are to invite you to participate in surveys for some monetary payment and e-mails telling you that you have won a lottery, to claim which you would have to enter some personal details.

Can I trust a web page if the URL looks legitimate?

Not really. Some phishers use images of legitimate URLs on your address bar. You might think it's the real McCoy and end up on the page of a fraudulent website. Some even hack a trusted website's code. The link may redirect to a fake site where everything from the URL to the security certificates may seem legitimate. This is very hard to detect.

There are many, many ways in which phishers can hook you. Eternal vigilance is the key to prevent phishing tragedies.

How can I avoid falling into the phishing trap?

Here are some simple dos and don'ts that can save you a lot of heartache.

• Don't click on any links in emails, and if you do end up clicking, don't enter any sensitive information on the resulting sites. Instead, open a browser and type out the address of your bank or credit card issues. No bank or financial institution will sending you a mail requesting you to update your information by clicking on a link.
• Don't email sensitive information. If you get an email from a person or institution you trust seeking information, call up the helpline or any number that you know belongs to that institution and verify.
• Don't be taken in by emails that threaten to shut down your account if you do not supply the information or promises of lottery winnings. These are usually faked.
• Genuine sites use encryption to transfer your sensitive information securely. So always check for the symbol of a lock on the bottom right of your browser and https:// instead of http:// in the address bar. To make doubly sure, click on the lock and check to whom the certificate is issued.
• If you are not sure about the site, try entering a wrong password. A genuine site will tell you that you have typed the wrong password. A fraudulent site on the other hand will accept it.
• If you think you have fallen victim to a phishing attack immediately contact your financial institution over the phone.
• A good practice is to have different usernames and passwords for different sites.
• If you suspect a mail to be suspicious, forward it to the customer service email for the bank or institution in question.
• Install a good anti-virus, anti-spyware and spam filter.