Anti-phishing Help from Internet Companies
Ask each company that you do business with over the Internet what they are doing to educate their customers about phishing and to make their sites safer. Suggest that they adopt the following policies if they haven't already done so:
- Avoid communicating with your customers in ways that can be easily imitated by phishers.
- Have a clear domain name strategy that makes it difficult for someone to imitate your Web site.
- Periodically check for Web sites that use unauthorized variations of your company name.
- Eliminate any application security flaws that could allow malicious hackers to hijack your own Web site addresses.
- Don't use instant messages, pop-ups or email to collect information unless your customer initiates the contact.
- Never use an urgent, threatening or time-sensitive tone in email.
- Explicitly spell out Web site links and keep them as straightforward and descriptive as possible.
- Don't hyperlink words like "click here." Scammers do this to mask false Web site addresses.
- Don't leave your Web site open to cross-site scripting (XSS).
- Personalize your customers' emails with non-threatening personal data such as a first name so that the recipient knows that the email is coming from a company that knows them.
- Ask your customers to respond via your main home page as much as possible.
- Authenticate your Web sites using digital certificates.
- Clearly communicate your anti-phishing strategy to your customers.
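A company can enforce the two link policies above (spell links out, no "click here" links) by checking each outgoing email before it is sent. The following is an added example, not part of the original page: the function and class names, the list of generic phrases, and the sample message are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Link text that hides the destination (assumed list; extend as needed).
GENERIC_TEXT = {"click here", "here", "click", "this link"}
# Visible text that itself looks like a Web address (scheme optional).
ADDRESS_LIKE = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:?#].*)?$", re.I)

# Constructed sample of an outgoing customer email body.
SAMPLE_EMAIL = """
<p>Statement: <a href="https://www.example.com/statements">https://www.example.com/statements</a></p>
<p><a href="https://www.example.com/login">Click here</a> to sign in.</p>
<p>Or visit <a href="https://example.net/login">www.example.com</a>.</p>
<p>Read our <a href="https://www.example.com/privacy">privacy policy</a>.</p>
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def lint_links(html):
    """Return (rule, link text, href) for each link that breaks the policy."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar are out of scope here
        shown = ADDRESS_LIKE.match(text)
        if text.lower().strip(" .!") in GENERIC_TEXT:
            findings.append(("generic-text", text, href))
        elif shown and shown.group(1).lower() != (parts.hostname or ""):
            findings.append(("text-host-mismatch", text, href))
        elif not shown:
            findings.append(("address-not-shown", text, href))
    return findings
```

Run `lint_links` on every message template before release and block the send when it returns any finding.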
Orig. Posted: Mon, 03/30/2009 - 09:28 — cawalker.ncsu.edu Last Modified: Thu, 06/25/2009 - 10:06
