While phishing attacks look like legitimate messages, they’re really malicious attempts to lure you in to giving out personal information -- such as banking info, a credit card number or a social security number -- with the intent to steal your identity for financial gain. Phishing attacks appear as if they’re coming from your financial institution or favorite online retailer, but they’re simply linking you to a spoof site by using similar wording and logos.

These messages are often sent to millions of addresses around the world in the hopes that a few people will believe they’re legitimate. Scam artists sometimes don’t know whether there’s anybody on the other end of the email addresses to which they’re sending their phishing emails, but when you write back, you prove that there is.

While it may be tempting, you should never write back to the sender. You’d only be confirming that your email address is valid, which might invite more phishing attack attempts.

You could, however, forward the entire message to your financial institution, Internet service provider or the authorities. Some suggestions include the Federal Trade Commission (Spam@uce.gov) and the Internet Fraud Complaint Center of the FBI (fill out form at IFCCFBI.gov). You could also forward the email to the “abuse” or “spoof” email address at the company that is being spoofed (e.g. “Spoof@ebay.com”).

But be aware that these scammers are often hard to track down; don’t expect an investigation.

Also, be sure to install and maintain antimalware software (which includes virus detection), a computer firewall and a Web browser with an antiphishing feature. All of these measures can act as an extra line of defense from some of these malicious types.