This applies to the UK as well as the US, however recent surveys which showed that people in the UK were prepared to give up their password for chocolate. Anyway, the rules are: If it seems to be too good to be true, it probably is You have not : won the lottery failed a bank security test had someone try to hack your account and you need to re-enter them had bad feedback on a site you have never heard of, or without your full name in the e-mail Got someone at a bank in another country wanting to give you some money If the mail is not sent to you and only you, then it is very, very, very unlikely to be real If the phishing scanner says it is a bad site, trust it unless you know that the address is the address bar is real, and then still don't enter personal information Even if they don't want your mail, handing over your personal details is telling them what they need to know in the real world. If you are asked to disable your system security, don't! Web scams trick one in five US surfers - vnunet...