Of all the Internet risks, phishing has been the toughest to thwart because it’s often almost impossible for a consumer to
tell a phony e-mail from a legitimate one. That’s why the Federal Trade Commission says you shouldn’t click on links in an
unsolicited e-mail to access a financial account. Yet most respondents to our survey don’t follow that advice, partly because
they’re tempted by offers like this one that Chase Online recently sent account holders. (In a recent spam study, security
software maker McAfee found phishing attacks that used Chase’s name to be the most prevalent type worldwide; a Chase spokesperson
told us that the e-mail shown was genuine.) The e-mail contained the recipient’s name and part of his account number, but
a prominent link took us to an insecure page where we could log in by entering a user ID and password.
If this e-mail had been fake, it could have been used to steal the recipient’s credit-card number, savings account, or identity.
Unless you’re absolutely sure of the source of such an e-mail, access your account only on your own directly through a browser
or call the company at a phone number you’ve verified.