Survey: 43 Percent of Adults Get 'Phished'

DENVER (AP) _ Rebecca Tennille considered herself a savvy consumer, but when she got an e-mail that looked like it was from her bank, she followed its instructions to go to a Web site to verify some personal information.

"It struck me for about two seconds that I should do a little research, but I've got a toddler and I had so much to do,'' said Tennille, of Birmingham, Ala. "I figured, 'I'll just do this and cross it off my list.'''

It was a $6,000 mistake.

The e-mail, complete with logos of her bank, was an attempt at identity theft known as "phishing.'' Scammers typically pose as banks, credit card companies or other institutions to lure victims into giving up sensitive details like passwords or account numbers.

Tennille's e-mail said her bank had noticed unusual activity in her account and asked her to enter personal data on a Web site doctored to look like one from Regions Bank. In reality, the site was set up by crooks who used Tennille's data to run up dozens of charges in Spain totaling about $6,000.

"After it happens, you just think, 'I'm so much smarter than that,''' Tennille said.

Next week Denver-based First Data Corp., one of the country's largest electronic financial transaction companies, plans to release survey results showing 43 percent of adults have received a phishing contact. Five percent of those adults gave up personal information.

The telephone survey of 2,000 people was conducted by Synovate and had a sampling error margin of 2.2 percentage points.

Tennille realized she'd been scammed after her debit card was declined while buying medicine for her daughter. By then Regions Bank had already canceled her card after noticing unusual charges. Regions helped Tennille recover her losses.

William Askew, Regions Financial Corp.'s executive vice president of consumer and business banking, wouldn't disclose how much phishing costs his company. But a report last year by Gartner Inc., an information technology market research firm, estimated victims cost U.S. banks and credit card issuers about $1.2 billion in 2003.

Meanwhile cybercriminals are getting more sophisticated, with new threats popping up like "pharming,'' in which users trying to access legitimate Web sites get redirected to fakes set up with addresses that appear similar.

"We used to have cash. One protected very carefully their cash. If you lose your cash, you lose your cash,'' said Raf Sorrentino, head of enterprise risk and fraud solutions at First Data. "Your personal information, if you leave that open, it's very similar.''

The Federal Trade Commission advises that e-mailing financial and personal details is never a good idea, and legitimate companies don't ask for those details in an e-mail.

Rather than clicking on links in e-mails, retype them into your browser. If you suspect an e-mail is a phony, call the institution that supposedly sent it to check.

Regions and First Data are working to make consumers aware of phishing.

"If as an industry we don't communicate well and customers don't know, enough people are going to affected that they're going to lose confidence in the industry itself,'' Askew said.

Tennille has since received another phishing e-mail, which she reported to Regions Financial Corp. investigators.

"I was so high strung from the whole experience,'' Tennille said. "You live and you learn.''