Web fraudsters are increasingly targeting consumers with password-confirmation scams, experts have warned.
The scam involves sending emails which purport to come from a service provider asking consumers to confirm their passwords at a website. Customers of several British banks were targeted last month.
The websites are cunningly constructed fakes. Once the password entries are made online thieves collect them. As well as banks, companies like eBay have also been targeted.
"A huge number of people are getting suckered by spoof websites, particularly in the US," said Scott Schnell, senior vice president of sales and marketing for RSA Security.
"Once they use the sites they are losing everything, all their personal information. This problem needs to be addressed."
Schnell suggested that companies and the press should educate employees and the public respectively. Better identity management would also help, he added.
"Someone being lazy or stupid, two essential human traits, can defeat the very latest risk management system," said Jon Collins, associate at analysts Quocira.
"Education is vital, there's a fundamental misunderstanding about technology. When people go to these websites they aren't thinking properly about threats."
Financial institutions never ask customers for confidential information via email or to divulge such details at websites linked to by a web address in an email.
Genuine banking websites are always prefixed with 'https'. The 's' stands for 'secure' and guarantees that details are being kept confidential.
Microsoft receives a 30 per cent cut of all purchases on the Xbox digital store
Credit card thieves used Apple ID accounts to buy and sell virtual currency for Clash of Clans and Clash Royale and Marvel Contest of Champions
$5.1bn fine further evidence that the EU is anti-US, claims Trump
New cable will connect Virginia to France