One of the sad realities of email is that all of us will at some point be subjected to "phishing" attempts. Wikipedia's definition of phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. There are some things to know about your institutions and about these messages that will protect you and keep you from becoming a victim of these scams.
About your institutions... Banks, credit card companies, hospitals, universities, and other institutions have rigorous standards that are enforced regarding divulging personal information IN BOTH DIRECTIONS of the communication. Meaning they won't send out your SSN, account password, etc. over email and they won't ask it of you either. You will be directed to a secure website. So this is the first tip: Any electronic message asking for personal information or account information over email is a phishing attempt! There were exceptions to this ten years ago but I can't think of any today.
Sometimes the email is a little trickier and won't ask for the information over email but will direct you to a link contained in the email. There's a few things to consider when judging the legitimacy of these emails.
1. How is the grammar, syntax, and vocabulary in the emails? Many of these originate in other countries where English is not the first language or the particulars of American English aren't known. So look for misspelled words, incorrect or incoherent phrasing, or missing or bad punctuation.
2. If the email comes with an "urgent" warning or threat to your account if you do not take some action, it is most likely a phishing attempt. The only exception to this is when the email comes with the contact information of the department sending the email (usually phone number or email address). When in doubt, call them and find out if the email is legitimate.
3. If you hold the mouse over the link you're directed to go to in the email to "fix" your problem, you will see the actual address it will go to. Many times it will not be an address from the institution the message supposedly came from. For example, if you receive an email from UC Davis saying they're migrating servers and your account will be closed unless you click on the link, if you mouse over the link it may something like http://apohome.yuca.uk. Obviously not a UC Davis website!!
I hope these tips are helpful. There are many more that can give these phishing attempts away but these are the basic ones. Please send this information to anyone who has questions about phishing attempts or has ever fallen for one.
