In one of the fastest growing scams on the Internet, con artists are sending out millions of "urgent" e-mails trying to get unsuspecting consumers to divulge personal information such as their Social Security numbers or the passwords for online accounts.
Some tell consumers the federal insurance on their savings accounts will be canceled unless they update their personal data. Others claim to be from Internet service providers redoing their billing lists. Still others say something has gone wrong with a credit card transaction and that additional information is needed or the card will be canceled.
There are even links from the e-mails to Web sites that look just like legitimate bank or credit card or online merchant sites.
But they're not.
All are examples of "phishing," and the scam artists take the information they gather to raid consumers' bank accounts or charge thousands of dollars of merchandise or steal their identities.
The volume of such attacks is growing rapidly, said Naftali Bennett, chief executive of Cyota Inc., a New York-based anti-fraud firm that detected some 450 distinct phishing expeditions in March alone.
"It's the perfect crime from the fraudster's perspective," Bennett said. "It's easy to do, you get thousands of records and the risk of getting caught is very low."
A study released earlier this month by the research firm Gartner Inc. found that an estimated 57 million consumers believe they may have received a fraudulent e-mail in recent years.
It estimated that the losses that banks and credit card companies incurred from fraud against consumers who took the phishers' bait totaled $1.2 billion last year.
There are ways for Internet users to protect themselves, and experts say it starts with consumers being just as wary about giving out personal information online as they would be on the phone or in person.
"The red flag should be any request for personal information, especially from someone who says they need it right now or there will be dire consequences," said Patricia Poss, an attorney with the Federal Trade Commission's bureau of consumer protection.
Consumers who think they've received a phishing e-mail should not click on any Web links contained in the e-mail and, instead, forward it to the FTC's collection site at firstname.lastname@example.org.
If they've responded to such e-mails, they should contact their banks or credit card companies immediately to try to prevent account information from being misused, Poss said.
"Then, if you're worried about identity theft, get a copy of your credit report and make sure nothing is going on," she added.
Robin Holland, a senior vice president with Equifax, said that if consumers believe their personal information is being misused, they should ask for a fraud alert to be put on their credit files.
"If you ask for an alert with any one of the companies, the information will be sent to the other two," Holland said. "Then any creditor who pulls your file won't open up any new credit without contacting you."
David Jevans, senior vice president of Tumbleweed Communications, an e-mail security and anti-spam company in Redwood City, Calif., said the industry has become so concerned about fraudulent e-mails that it has created the Anti-Phishing Working Group, which he chairs. Its members include financial institutions as well as software and Internet companies and law enforcement agencies.
The group posts known phishing attacks on its Web site at www.antiphishing.org and offers a variety of tips for consumers to avoid becoming victims.
Security tips also are available on the sites of a number of the companies victimized by phishers, including www.citibank.com along with online auction site www.ebay.com and its online payment service, www.paypal.com.
Jevans said that to help counter increasingly sophisticated phishing attacks, consumers should make sure their computers are protected.
"Make sure you have antivirus software and keep it up to date," he said. "A lot of these (phishing) things are starting to drop spyware on your computer." He added that consumers should download security patches from Microsoft.
Jevans also suggested consumers make sure they review their billing statements carefully and periodically check their credit reports for irregularities.
"We're finding these guys sometimes wait four to six months before using the information they get," he said.