If you hold any personal information on any internet site, and I can guarantee that you do, you should know that you are at risk to a very particular type of scam called phishing.
Phishing websites pose as other websites and attempt to make you enter your login details. This information is stored and allows the scammer access to your account. From there, the scammer can infiltrate virtually all of your online accounts (especially if your passwords are all the same, and all the websites you use are linked by one email address). Phishing is illegal, mainly as it is an invasion of privacy, and can also lead to greater crimes such as theft or fraud; nevertheless, phishing does take place, and it is important to have awareness.
Phishing websites will usually try to make you access your accounts. For instance, a scammer might email you about an online purchase you didn't make through PayPal. You would read the email and knowing you hadn't bought anything, you would try to freeze the transaction. Most of the risk is here. In the email, chances are, they will link you to a fake website posing as PayPal. Here you would enter your details in an attempt to freeze the transaction, and the scammer would have your PayPal details. The first step to staying safe is, before you login to any website, check the URL. If it doesn't look right, the website is probably a fake.
Another tip is to read thoroughly all the safety information provided on the important websites you use. Often, websites will not link you anywhere in an email. If this is true of a website, it will let you know. Reading the material websites provide will inform you on what their emails will consist of, and will help you decide when reading an email, if it is a fake.
The final tip is about why you were targeted in the first place. Be wary of leaving your personal email address on public forums. If you want to be emailed by anyone in particular on a forum, send them a private message with your email. Do not broadcast your email to the whole world. You don't tell your friends your address on the national radio (let alone on an international radio), so why give information about yourself on a forum?
Avoiding phishing scams takes time but is certainly worth it. Remember to carefully read every email that is remotely related to personal information and think about what you're saying before you let everyone know. Also, speak with your managed IT services provider and ask about any cyber security awareness training they can make available to you and your staff. As we learned when we were kids, knowing is half the battle.
