I have to admit hate the new name that they're giving this type of attack (i.e.: 'vishing'), but I didn't create it. I think the new name is only going to confuse people about the subject more then they might be right now.
Its getting harder and harder these days to tell what's e-mail from a real business and what's a new type of phishing attack. As important as email is for some of us, the one thing that you have to remember is that 'e-mail is untrustworthy'.
To protect yourself, you should do the following:
- Don't download and run attachments in e-mail.
- Don't trust links or phone numbers provided in e-mails.
- Go to the site yourself rather then trusting a links in the e-mail, or call the company using a existing phone number that you trust.
- Don't rely solely on technology (spam filters, firewalls, anti-virus, etc.) because it can't protect you 100% of the time.