Hackers are always coming up with new sophisticated phishing schemes to steal any personal information they can.

Hackers want to gain access to your email because so much valuable personal information can be found there.

Case in point: Earlier this month, there was a pretty serious phishing attack that targeted Gmail users. As NBC News reported:

The worm — which arrived in users’ inboxes posing as an email from a trusted contact — asked users to check out an attached “Google Docs,” or GDocs, file. Clicking on the link took them to a real Google security page, where users were asked to give permission for the fake app, posing as GDocs, to manage users’ email account.

To make matters worse, the worm also sent itself out to all of the affected users’ contacts — Gmail or otherwise — reproducing itself hundreds of times any time a single user fell for it.

Although I wasn’t impacted by this phishing scam, millions of people were. I knew some of them.

Luckily, most of my friends were savvy enough to recognize the scam for what it was and reported and deleted the emails. Most, but not all, unfortunately.

Don’t become the next victim of hackers. Keep your personal data safe and secure.

Here’s how to recognize phishing and how to avoid it.

How Phishing Works

At the most basic level, here’s how a phishing scam works:

You receive an urgent message of some sort. It’s from a trusted source (e.g., a social network, a store you shop at online, your bank). The email looks real – it even uses the logo and perfectly mimics the color scheme of that company.

All of these emails ask you to click on a (malicious) link that takes you to a fake log-in page or a page asking you to grant permission. This is how the hackers get your personal data – you unknowingly give it to them, all while thinking you’re just logging into one of your accounts.

How to Avoid It

What can you do if you suspect phishing?

Here are some simple tips courtesy of Citrix ShareFile, which helps businesses securely and easily share files:

  1. Don’t panic or click on anything until you know it’s legitimate. One of your contacts just shared a Google Doc with you out of the blue. Odd, right? Yes! That person has no reason to share a document with you. While you might be curious to see what it is, stop. Don’t open it. Investigate first. Email your contact and ask if they actually shared a doc with you.
  2. Check for red flags, such as strange email addresses or misspellings. In the Google Docs phishing attack, the email was sent to a fake email address (hhhhhhhhhhhhhhhh@mailinator.com), not the recipient’s own address. That’s a clear giveaway that something phishy is going on.
  3. Notify the company that’s being impersonated. Do a simple Google search to get contact info for the company (in Google’s case, they have an entire page on how to report a variety of scams). Also make sure to click on the down arrow next to the Reply button and click “Report Phishing” to report the email.
  4. Share on your social media channels. Social media is faster than mainstream media. The Google phishing attack was another example. I found out about this scam after a couple of my friends posted about it – long before a single news story was written.
  5. Call your friends and family. Alert anyone you think could be impacted by the phishing attack.
  6. Email any listservs you’re on. Help stop the scam as soon as you learn about it so it won’t continue to spread.
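
The red-flag check from tip 2 can also be automated for a mailbox or a help desk queue. The Python sketch below is an added example, not part of the original article or the ShareFile tips: it reads a raw message and reports when your own address is missing from the visible recipients and when a visible recipient looks like a throwaway mailbox. The sample message, the `example.org`/`example.com` addresses, the domain list and the run-length threshold are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message modelled on the red flag in tip 2: the visible
# "To" is a throwaway mailbox rather than the person who received the email.
SAMPLE = """\
From: Known Contact <friend@example.org>
To: hhhhhhhhhhhhhhhh@mailinator.com
Subject: Known Contact has shared a document with you

Open in Docs
"""

# Assumption: a short local list of throwaway-mailbox domains. Only
# mailinator.com comes from the article; extend it for your own use.
DISPOSABLE_DOMAINS = {"mailinator.com"}
MAX_REPEAT = 6  # assumption: 6+ identical characters in a row looks machine-made


def longest_run(text):
    """Length of the longest run of one repeated character in text."""
    best = run = 0
    prev = None
    for ch in text:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best


def red_flags(raw_message, my_address):
    """Return the recipient-header red flags found in a raw email message."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    visible = [addr.lower() for _, addr in getaddresses(headers) if addr]
    flags = []
    if my_address.lower() not in visible:
        flags.append("your address is not in To/Cc")
    for addr in visible:
        local, _, domain = addr.rpartition("@")
        if domain in DISPOSABLE_DOMAINS:
            flags.append(f"visible recipient uses throwaway domain {domain}")
        if longest_run(local) >= MAX_REPEAT:
            flags.append(f"visible recipient looks machine-made: {addr}")
    return flags


if __name__ == "__main__":
    for flag in red_flags(SAMPLE, "me@example.com"):
        print("RED FLAG:", flag)
```

A message that trips these checks is not proof of phishing (mailing lists also deliver mail that is not addressed to you directly), so treat a hit as a reason to investigate before clicking, as in tip 1.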

You can see the full-sized infographic here.

The opinions expressed here by Inc.com columnists are their own, not those of Inc.com.