I wonder if an average user really understands "Phishing" - maybe the original question should be more explicit. Otherwise the user may not know this question is the question they're asking..

Something like "I'm worried someone is trying to lure me with a fake email (phishing)"