The trouble with explaining some of the risks of using online services is that they can be damn complicated. Which is why having resources like this is so wonderful.
Common Craft have produced a short video explaining what the practice of phishing is all about.
Great work, guys!
I finally got an email from a credit card company warning about security breach that wasn't phishing. After calling the number on my statement, it turned out there had been an attempted security breach. I have always routinely discarded every email as phish thinking that they were all bogus, but something about this one seemed real. I'm glad I called and now I am going to check on the ones that come from companies that I actually do business with, just to be on the safe side.