#15: Plenty more phishing to see
How can we protect ourselves against phishing techniques, which dupe us into giving out our personal details online?
Unfortunately, the only real weapon that we have against such scams is our own unreliable intelligence. Fraudsters have realised that we’re often at our most dopey when staring at a computer screen, and some of this week’s correspondents have little sympathy. “Anyone stupid enough to click on a link in an email purporting to be from a bank deserves everything they get,” writes Les Edwards. Studies have shown, however, that phishing campaigns can fool even the most tech savvy; our fear of fraud will often lead us to believe messages telling us that “fraudulent activity is suspected on your account”, and then willingly volunteer personal details – which is when the fraud actually begins.
As with all forms of deception, phishing scams attempt to be convincing, but some can be spotted a mile off. “I’ve seen ones with hilariously inept design and ungrammatical text,” writes Colin Hayes, and anyone would be suspicious – as I was – of an urgent communication from a bank that can’t even spell its own name. But some can be more sophisticated. In a moment of weakness a couple of weeks ago, I clicked through to a fake eBay site from an email which had claimed that I’d won an auction, and I only just stopped short of entering my password. It’s not just banking details that phishing scams will attempt to eke out; it could be MySpace passwords, email logins – anything that might assist with identity theft. And with many of our personal details secured with a single, simple password, it obviously pays to be vigilant.
Many of us, however, drop our guard when confronted with something as simple as a picture of a padlock on an email or website. “If people had basic IT education,” writes Kevin Houston, “they might realise how easy phishing is to accomplish. And if banks were better at informing people that they will never be asked for their details by email, that would help.” In the meantime, the advice is simple: if you click on a link in an email and the subsequent website asks for a password – even if the email and website look genuine – don’t type it in; close the window and revisit the website using your own bookmark, or by typing the address in the browser. Graham Cluley at internet security firm Sophos recommends cutting the internet out altogether: “Even if you think an email from your bank is legitimate, always contact them by phone.” It’s reassuring that forthcoming versions of Firefox and Internet Explorer will have greater safeguards against phishing scams built in, but no software upgrade can cure our own absent-mindedness. So stay alert.
Steve Phillips writes with next week’s question: “Websites are increasingly blighted by invasive advertising; some sites are virtually unusable, and Google’s targeted ads are almost creepy. Is it destined to get even worse?”