Phishing is the generic name for a variety of email scam that has proved effective for criminals recently. The basic idea is to generate an official-looking email from a bank or e-payment company, which is sent to many millions of recipients. The email invites you to click on a link to log into your account, but the link points to the criminal's webserver. As you type your username, password and other security details, the criminal captures these, then logs into your account and empties it.

It's a simple ploy, but has been very effective. Most banks and payment systems don't send email requesting details, and recommend that you go to their website by typing its address into the browser address bar directly, rather than clicking on links from dubious sources. Look at the HTML for the link, and you'll usually see that it points to some anonymous numeric address.

The way a website is constructed provides the means for making these phishing scams so effective; it is easy to copy the graphics and visual style, or even whole webpages, to a bogus server and adapt them to gather login data or other personal information. Similarly, the use of HTML in emails allows graphics to be embedded to replicate the visual style of a bank or payment site.

Many of the latest generation of browsers come with built-in tools which can detect some forms of phishing. These work by checking URLs against a central database of known phishing sites, and can be quite effective against well-known attacks, though as with most security software, they are only partially effective.