Don't be embarrassed - most of the corporates I lecture to are fooled, including their IT departments. If you check out Antiphishing.org for information you may be saddened or amused by the figures.

Generally the rule of thumb is distrust all links in unsolicited email. Using proper email (ie no html!) also helps protect.

The upside is that phishing is slightly in decline. The downside is that spearphishing (targeted phishing is on the up) and the use of trojans to redirect is becoming very popular. These remove the need to fool people into clicking on a link - they actively redirect so you may type www.mybank.com into your browser and end up going to www.thebadguys.com.

More arguments to patch, use antivirus and get a firewall installed!!!