Phishing is the gathering of information of a user by an impersonator of a product or service. Phishers attempt to trick a user into giving out sensitive data (e.g. ID numbers, login credentials, contact information, etc.) into the wrong hands. Successful phishing attacks are a difficult hassle to recover from, so being able to identify and avoid phishing attacks is a crucial defense.
Phishers are always finding new ways to fool users into feeling secure in an unsecure environment. Most phishers have stopped impersonating Nigerian Princes and are constantly adopting sneakier ways to snatch your sensitive information. If you need assistance with identifying phishing, submit a help request.
Always carefully scan emails that have to do with money or personal information. Never give out personal information through email.
Make sure that you actually use the service the email is discussing—if you get an email from a bank you don't do business with, it's probably not actually that bank.
Look at the sender's email address and see if it matches up with the company or organization's website address. Incorrect style, spelling, or grammar is usually an indicator that the email is fake. Before clicking on any links, hover over them to check if they lead to a correctly spelled, legitimate URL.
Confirm contact info
If you are given information to contact a company or organization and aren't sure if the contact information is legitimate, finding their contact information through their website and using that avenue to reach them is a good idea. Through an official source's contact information, you can confirm if the issue in the email is legitimate.