Whatever you do, don't take the bait.

When online scammers use email “lures” to “fish” for passwords and financial data from Internet users, they are said to be “phishing.”

Also called “brand spoofing,” phishing involves e-mail messages and web pages that replicate legitimate business sites. These duplicate sites are then used to deceive users into handing over personal information and financial data by asking for passwords, credit card numbers, social insurance numbers, and bank account information. For instance, if you click on a link in the offending e-mail, it will take you to a mock-up of the legitimate company’s website. Your login details, credit card info and password are then requested.

Criminals who engage in phishing want people to believe that the appeal for information is coming from a legitimate company. In reality, it is a fraudulent effort to gather information for the purpose of committing fraud.