This article is the archived version of a report that appeared in June 2009 Consumer Reports magazine.
Last year, members of the American Airlines AAdvantage Program received e-mail purportedly from American Airlines promising $50 for participating in an online survey. But those who took the bait ended up on a fake site that asked for their personal information.
We estimate consumer losses to phishing scams at almost a half-billion dollars during the past two years. Last fall, more than 250 brand names were used each month in e-mail scams and other cybercrime, according to the Anti-Phishing Working Group. The most targeted industry was financial services.
One reason there are many successful phishing attacks is that users of social-network sites are often caught off guard and might be less alert to the presence of malicious Web sites, dangerous e-mail, and harmful software. "Phishing e-mails are much better now," says Rob Douglas, editor of IdentityTheft.info, a Web site that provides news about identity theft. While earlier phishing scams were characterized by poor grammar, misspellings, and cheesy graphics, most are now so well done that experts can't easily tell real ones from fake.
Never provide personal information via an e-mail link. Enable the antiphishing feature in your browser or download a free antiphishing toolbar such as McAfee Site Advisor (at www.siteadvisor.com), which warns you when you're visiting a dangerous site. Only 27 percent of respondents to our survey used such tools.