Internet con artists are turning to an old tool - the phone - to keep tricking Web users who have learned not to click on links in unsolicited emails.
A batch of emails recently making the rounds were crafted to appear as if they came from PayPal, eBay's online payment service. Like traditional phony "phishing" emails, these said there was some problem with the recipients' accounts.
Phishing emails generally instruct recipients to click a link in the e-mail to confirm their personal information - the link actually connects to a bogus site where the data are stolen.
But with internet users wiser about phishing, the new fake PayPal e-mail included no such link. Instead it told users to call a number, where an auto-mated answering service asked for account information.
Security experts tracking this scam and other instances of "vishing" - short for "voice phishing" - say the frauds are particularly nefarious because they mimic the legitimate ways people interact with financial institutions.
In fact, some vishing attacks don't begin with an e-mail.
Some come as calls out of the blue in which the caller already knows the recipient's credit card number - increasing the perception of legitimacy - and asks just for the valuable three-digit security code on the back of the card.
"It is becoming more difficult to distinguish phishing attempts from actual attempts to contact customers," said Ron O'Brien, a security analyst with Sophos.
Vishing appears to be flourishing with the help of Voice over Internet Protocol, or VoIP, the technology that enables cheap and anonymous internet calling, as well as the ease with which caller ID boxes can be tricked into displaying erroneous information.
The upshot: "If you get a telephone call where someone is asking you to provide or confirm any of your personal information, immediately hang up and call your financial institution with the number on the back of the card," said Paul Henry, a vice-president with Secure Computing. "If it was a real issue, they can address the issue."
Meanwhile, new research from online shopping portal mutualpoints.com showed that most consumers in the West Midlands have taken steps to protect their computer from security threats, but most are failing to cover themselves against all online scams.
Some 98 per cent of 9,790 people surveyed said they had installed anti-virus software on their PCs, while 93 per cent had a firewall running. Just over four fifths (85.5 per cent) had anti-spyware installed on their computers.
But just 1.6 per cent of consumers felt it wasn't important to have security software to protect them while they were shopping online.
The study also revealed that anti-hacker and anti-abuse software is being overlooked by the majority of internet users.
Almost half (46.8 per cent) had no anti-hacker protection, while about two thirds (64.9 per cent) had failed to install anti-abuse software, which blocks unwanted and malicious email and offensive online content.
Mutualpoints' survey showed a high level of awareness among UK internet users about the different types of online security threats they face. Over 90 per cent of those questioned understood the meaning of virus, hacker and spyware, while over 80 per cent were aware of the terms trojan and worm.
However, over a third (38 per cent) of consumers didn't understand the term phishing - one of the most prolific types of internet fraud.
Mutualpoints also looked at online shopping habits. It found that shop-pers are spending significant sums and making regular purchases online - over a third (36.4 per cent) of shoppers were happy to spend £500 or more in any one online shopping transaction.
According to the research almost a quarter (23 per cent) of Britons shop online every week.