Phishing is defined as:
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. (definition from Webopedia.com)
Almost no legitimate business will simply send you an email asking you to go to its website and change or re-enter your personal or account information.
Any business site where you can change your information will have proper contact information, so you can call the business to verify that you are in fact on the correct site if and when you want to update your information.
By following these few simple rules you will protect yourself from most email scams.
1. Assume any e-mail that asks you to log into your bank, credit union, PayPal, eBay or other personal account is a phishing scam.
2. Never click on links within a suspected phishing e-mail.
3. If a link is clicked, never enter banking information, social security numbers or other sensitive information.
4. Never enter your computer user name or password into an e-mail that requests it, even if it claims to be from your IT manager or other co-worker. It is easy for a spammer to forge the sender's name.
5. If you are unsure as to the legitimacy of a particular e-mail, open an Internet browser and manually type in the URL of the institution in question, e.g. "www.irs.gov". Do not use the URL in the e-mail as a reference, as it may be a forgery.
Information on other email hoaxes and scams can be found here.
Example tax phishing scam email:
Subject: Refund Notice!
The rest of the email is worded to sound like a legitimate email; however, the IRS never sends unsolicited e-mails asking for personal identifying or financial information.