You can read a quick definition of phishing on our Identity Theft Terms to Know page. Let’s talk about phishing in detail today because it’s one of the identity scams almost everyone’s encountered.

Phishing refers to attempts to steal personal information from you over the Internet. This includes bank account data, credit card numbers and passwords to online banking and e-commerce services. Sometimes, phishing attempts are looking for active email addresses, too, so as to spoof them (that is, send email that appears to be from the address) to commit further acts of fraud.

Email is by far the most common source of phishing attempts. That’s why you’ve almost definitely seen phishing before, in the form of email that asks for your personal information. These emails are designed to look like they come from someone you do business with. Common disguises include major banks (JP Morgan Chase, Citigroup), Paypal, Ebay, major department stores, credit card companies and online retailers such as Amazon.com. They’re made to look just like the real thing by using those companies’ logos, graphic design and writing styles, and even look like they have legitimate links back to the real organizations.

In fact, links in these emails go to false web pages (again, they look like they belong to legitimate businesses). In many cases, scam artists use a technique that embeds an authentic looking string of letters inside a very long address. This exploits the fact that many email applications cut off overly long addresses, unwittingly editing out the true source of the email.

Other phishing strategies use social networking sites like Facebook and Myspace to steal information from “friends” once the scam artist sets up a false profile, and IM chats where the person on the other end uses a fake identity and fast-talks the victim into sharing the information.

In all cases, the best way to protect yourself is to simply never click through email from any organization that appears to be involved in financial transactions, or would ask for your information. Instead, enter the address manually and go to the site yourself. Don’t believe anything you read until you get there, enter your account completely by yourself, and read what’s on the site.

Phishers can be very convincing and frankly, you might still slip up. If that happens, identity theft protection services like TrustedID.