updated 5/12/2005 9:25:08 AM ET 2005-05-12T13:25:08

Rebecca Tennille considered herself a savvy consumer, but when she got an e-mail that looked like it was from her bank, she followed its instructions to go to a Web site to verify some personal information.

“It struck me for about two seconds that I should do a little research, but I’ve got a toddler and I had so much to do,” said Tennille, of Birmingham, Ala.

It was a $6,000 mistake.

The e-mail was an identity theft lure known as “phishing.” Scammers typically pose as banks, credit card companies or other institutions to lure victims into giving up sensitive details like passwords or account numbers.

Tennille’s e-mail said her bank had noticed unusual activity in her account and asked her to enter personal data on a Web site doctored to look like one from Regions Bank. But the site actually was posted by crooks who used Tennille’s data to run up about $6,000 in charges in Spain.

A survey conducted by Denver-based First Data Corp., one of the country’s largest electronic financial transaction companies, showed that 43 percent of adults have received a phishing contact. Five percent of those gave their personal information.

The telephone survey of 2,000 people had a sampling error margin of 2.2 percentage points.

Tennille realized she’d been scammed after her debit card was declined while buying medicine for her daughter. By then Regions Bank had already canceled her card after noticing unusual charges. Regions helped Tennille recover her losses.

William Askew, Regions Financial Corp.’s executive vice president of consumer and business banking, wouldn’t disclose how much phishing costs his company. But a report last year by Gartner Inc., an information technology market research firm, estimated victims cost U.S. banks and credit card issuers about $1.2 billion in 2003.

Meanwhile cybercriminals are getting more sophisticated, with new threats popping up like “pharming,” in which users trying to access legitimate Web sites are redirected to fakes set up with addresses that appear similar.

The Federal Trade Commission advises that e-mailing financial and personal details is never a good idea, and legitimate companies don’t request those details in an e-mail.

Rather than clicking on links in e-mails, retype them into your browser. If you suspect an e-mail is a phony, call the institution that supposedly sent it and verify the request.

Tennille has since received another phishing e-mail, which she reported to Regions Financial Corp. investigators.

“I was so high strung from the whole experience,” Tennille said. “You live and you learn.”

© 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Discussion comments


Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments