Phishing happens when fraudsters appear to be real entities, such as banks, in an attempt to steal personal data like passwords and credit card information.

Although most phishing scams are never reported, the FBI’s Internet Crime Complaint Center says over 25,000 people reported being victims of phishing scams last year, resulting in a combined financial loss of over $29 million.

“Online transactions have become routine, but so have phishing scams that exploit people every day while involved with ordinary online activity,” says John LaCour, CTO of PhishLabs, a company that detects phishing scams.

Sites and URLs may look the same but there can be big differences. For example, a fake site may have slightly different letters in the web address than the legitimate site. Once a user logs in, their money or personal information can be stolen.

Here’s how you can protect yourself from internet scammers:

1. Don’t just look for the padlock

Internet browsers show a padlock symbol next to the website address. But seeing the lock isn’t enough.

“The padlock icon really means your connection is private or encrypted,” says Chris Bailey, VP of strategy of Entrust Certificate Services at Entrust Datacard, a trusted identity and secure transaction technology solutions provider. “With the padlock, you’re privately transmitting information, but it could be going to a scammer.”

2. Confirm the website identity

The most trusted websites show the company name in the web browser address bar.

Many financial and retail sites show this information. Entrust Datacard offers companies a service to display this information in the web browser address bar to help protect their business and customers from online fraud.

3. Don’t click links

To be safe, type in the website name by hand and make sure you don’t mistype the address. Clicking on links can sometime lead you directly to the fraudsters.

If you think a site is fraudulent, report it to the real company and to the Anti-Phishing Working Group at reportphishing@apwg.org.