Most legitimate and established businesses will not use these methods to ask for passwords, account or credit card numbers or other confidential information. It's easy for phishers to trick people--for example, by forging the "From" address of an e-mail message.

While browsing, be particularly suspicious of windows that do not include the address bar. Do not enter personal information unless you're sure it is from a Web site you trust and that it takes appropriate steps to protect your data. The best way to do this is to follow #3 below.

If you get an e-mail, instant message or pop-up window that asks for personal information, do not click the link. Doing so could take you to a phony site where any information you give may be sent to the scam artist who built it.

If you're unsure whether a message is genuine, call the company using the number from a past statement or the telephone book. To visit the Web site, type the address or use your own bookmark.

Before you enter any confidential information, find out if the site uses encryption to protect your data, and check to make sure you're at the site you think you are. Phishers have ways of faking the Web address that is displayed. If you have even the slightest doubt about a site's legitimacy, play it safe and leave.

• Check for signs of data encryption, a security measure that helps protect sensitive data as it traverses the Internet. As shown below, look for https ("s" for secure) in the Web address and for a tiny closed padlock or an unbroken key.

• Check to make sure you are where you think you are. Unfortunately on some systems, the padlock (and key) can be faked, so double-click it to display the security certificate for the site. As shown below, look for a match between the name on the certificate and in the address bar. If the name differs, you may be on a faked site.

To make sure nothing is amiss, carefully check all your credit card and bank statements monthly and regularly log in to any online accounts.