Recently, online marketing firm Epsilon's huge database was breached by hackers. Although actual passwords and credit card account numbers weren't accessed, names and e-mail addresses of millions of banking and retail customers were most likely retrieved - providing the hackers with countless potential victims for what has become known as "phishing" expeditions.
These 21st-century scams send out bogus emails using the names of credible businesses ranging from well-known banks and stores to government institutions (even the Internal Revenue Service and the Department of Motor Vehicles). In order to sound official and to gain trust, con artists behind phishing also trick email recipients by referring to current events such as political campaigns or by making urgent appeals to help victims of disasters.
Their real goal? To persuade people to respond with personal and sensitive information like usernames, passwords, and credit card details. Then the cyber crooks are able to steal identities, money, and merchandise.
Don't get hooked by phishing bait
If you assume you're too computer and Internet savvy to fall for these con games, think again.
A new study by communication researchers from the University of Buffalo, Brock University, Ball State University, and the University of Texas published in the journal Decision Support Systems and Electronic Commerce concludes computer competency doesn't necessarily protect you from phishing scams. That's because these schemes have become increasingly sophisticated and more difficult to spot.
The research paper, entitled "Why Do People Get Phished?", lists warning signs that up the odds you are vulnerable to phishing schemes:
- You receive a lot of email and usually respond to much of it.
- You maintain several online relationships.
- You conduct a large number of transactions online (including shopping, banking, bidding on Ebay, etc.).
Fortunately, increased awareness about the tricks phishers use combined with what the researchers dub "healthy email habits" can reduce your chances of falling prey to phishing schemes. For example, it's important to remember that phishing often involves emails that supposedly come from your bank or another account and that demand your immediate attention.
"Interestingly, urgency cues, i.e., threats and warnings, in the email stimulated increased information processing, thereby short circuiting the resources available for attending to other cues that could potentially help detect the deception," notes study author Arun "Vish" Vishwanath, PhD, of the University of Baltimore.
Simply put, the researchers found that emails that looked official and demanded immediate attention to financial matters were more likely to cause people to overlook clues that the correspondence was actually fishy - and phishy.
Strategies to stay safe
Dr. Vishwanath, an associate professor in the Department of Communication at UB, points out that you need to be extra careful if you use a single email account to respond to all your emails. "An effective strategy is to use different email accounts for different purposes. If one email address is used solely for banking and another is used solely for personal communication with family and friends, it will increase your attention to the details of the email and reduce the likelihood of chance-deception because of clutter," he says.
Dr. Vishwanath also advises setting aside separate times to focus and respond to emails related to your work and emails that are strictly personal. For example, if you take the time daily to respond to personal banking emails, you'll be able to process them more clearly and think about their legitimacy before zipping off a quick, rushed response.
Tips from the Department of Homeland Security's U.S. Computer Emergency Readiness Team (US-CERT) on avoiding phishing schemes:
- Be wary of unsolicited email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, verify his or her identity directly with the company.
- Never reveal personal or financial information in email and don't respond to email solicitations for this information. This includes following links sent in email.
- Don't send sensitive information over the Internet before checking a website's security.
- Pay close attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (such as using .com instead of .net).
- Don't respond to email or pop-up messages that ask for personal or financial information. Don't click on links in the message, either. Phishers can make links look like they go to a legitimate website, but they actually send you to a different, phony site.
- Unsure whether an email request is legitimate? Contact the company directly. Don't use the contact information provided on a website connected to the request.
- Install and maintain anti-virus software, firewalls, and email filters. Take advantage of any anti-phishing features offered by your email provider and web browser, too.
What to do if you think you've fallen for a phishing scheme:
- If you suspect your financial accounts may be compromised, don't hesitate. Contact your financial institution right away and close any accounts that may have been compromised. Be on the lookout for any unexplainable charges to your account.
- Immediately change your passwords. If you used the same password for multiple web sites and accounts, change your password for each account and don't use that password again.
US-CERT suggests reporting a phishing scheme to the police. You can also file a report with the Federal Trade Commission (www.ftc.gov).
More information about known phishing attacks is available online from the Anti-Phishing Working Group (www.antiphishing.org).