According to a recent study (well timed like others), upwards of 1 in 4 people are hit by phishing every month. I distrust “studies” in general, and really want to know how one identifies a phishing attempt amongst all the people who don’t know what one is to begin with.
It rings particularly well when another study tells us that most Americans are not prepared for phishing attacks. Problem is, most Americans don’t have the time to study the process in enough detail, and phishers know that.
Breaking down the preparation process is easy – just get your eyes checked.
Phishing attempts often exhibit classic signs of a rush job. You may see spelling mistakes in the email (eBay and your bank don’t make spelling mistakes). The fonts may seem screwy (could be from an old email client, or the entire email could be a jpeg image).
In the latter case it is easily identifiable by running your mouse over the body of the email. If your mouse shows a link over the entire body, then it is bad. The other way to prevent this is to set your email client to prompt before downloading images. While a valid email from PayPal may have its logo in it, a missing logo will not affect the function of that message.
Watch your address bar when looking at HTML-like email. If the URL points to a subdomain like “wellsfargo.10X419.com”, then it is a lure: the domain actually being visited is 10X419.com, and “wellsfargo” is only a label placed in front of it. You should have seen www.wellsfargo.com/something (or even something.wellsfargo.com). Don’t let the latest forwarding tricks fool you either. If what seems like a valid address is followed by something like ?=http://somethingelse.com, trash it.
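The two address-bar checks above can be written down as a small link checker. This is an added example, not part of the original post; the function name `check_link` and the idea of passing in the domain you expect are assumptions, and the sample links are constructed from the examples in the text.

```python
from urllib.parse import urlsplit, parse_qsl

def check_link(url, trusted_domain):
    """Return a list of reasons the link should not be trusted (empty if none)."""
    findings = []
    parts = urlsplit(url)
    # .hostname is already lower-cased and excludes any port number
    host = (parts.hostname or "").rstrip(".")
    trusted = trusted_domain.lower()

    # The host must BE the trusted domain or end with ".<trusted domain>".
    # Matching on the dot boundary stops "notwellsfargo.com" from passing,
    # and "wellsfargo.10X419.com" fails because it ends in 10X419.com.
    if host != trusted and not host.endswith("." + trusted):
        findings.append(f"host {host!r} is not under {trusted}")

    # Forwarding trick: a query value that is itself a URL,
    # as in "?=http://somethingelse.com".
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if value.lower().startswith(("http://", "https://", "//")):
            findings.append(f"query forwards to {value!r}")
    return findings

# Constructed sample links, built from the hostnames used in the text
# ("notwellsfargo.com" is an extra constructed case for the dot boundary).
SAMPLES = [
    "https://www.wellsfargo.com/something",
    "https://something.wellsfargo.com/",
    "http://wellsfargo.10X419.com/login",
    "http://notwellsfargo.com/",
    "https://www.wellsfargo.com/something?=http://somethingelse.com",
]

if __name__ == "__main__":
    for link in SAMPLES:
        reasons = check_link(link, "wellsfargo.com")
        print("LURE" if reasons else "ok  ", link, reasons)
```

The comparison is made against the end of the hostname because that is where the owning domain sits; a brand name anywhere to the left of it proves nothing.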
You have to educate yourself at that level (and rely on it) – no level of technology implementation is going to cover all your bases.