Nearly half of people in the UK do not know what a phishing email is, according to alarming new research from secure online payment specialist PayPal.
Its survey into the UK's knowledge and awareness of phishing showed people are so confused by the scam just four in every 10 people would be confident enough to explain what a phishing email is.
Phishing emails are bogus emails sent to a host of email addresses asking the recipient for personal information, usually regarding online credit card or bank accounts.
If anyone responds, they could find money has fraudulently been taken from their account.
PayPal says when it comes to solving the problem of phishing, 64 per cent of people believe better education will solve the problem, while 39 per cent say personal signing and encryption of emails will stop it.
Despite nearly half of people in the UK not understanding what phishing is, six in ten (60 per cent or 27.4 million) say they have received a phishing email, with 66 per cent (18.1 million) receiving an email that looked as though it had come from their bank asking for personal information.
When these emails hit, 71 per cent of these people deleted the email, a quarter forwarded it to their bank, while just five per cent forwarded the email on to an anti-phishing internet site. The good news is just two per cent of people said they were fooled into responding.
Michael Barrett, chief information security officer from PayPal, said: "Phishing emails are designed to target vulnerable people who perhaps do not know much about the internet. "Phishers are using increasingly sophisticated ways to design emails to lure people into thinking they have come from a trusted provider, such as their bank or credit card provider. The good news is just two per cent of people in the UK have fallen for these scams.
"If anyone is in doubt over an email, and concerned it may be a phishing scam they should never click on the link in the email.
"Instead open up a new safer browser and
type out the link manually, this will let you know if the email is genuine.
"When these emails bombard your in-box it can be tempting to just delete the emails, as our research revealed, this is what most of the population do.
"However, we should all work together to stop the problem, and the most effective way is to alert the company, by forwarding the email to their anti-phishing taskforce such as firstname.lastname@example.org, so they can look into it and track the sender with a view to getting sites closed down."
PayPal says five per cent of the population already take action, but warns more people need to be taking proactive steps to help the industry.
PayPal's anti-phishing taskforce - online security team - works with the authorities with the goal of shutting down fake sites within 48 hours.
However, it is not just credit cards at risk: PayPal's research into the UK's awareness and knowledge of phishing revealed 22 per cent of people are still unsure about how important banking login details are.
Bank login details are just as useful to a phisher as a person's personal credit card details, as it gives the phisher access to an online account.
Mr Barrett said: "Our research reveals the real problem is slightly different to the perception.
"Most people (98 per cent) can spot a phishing email and know not to respond. However, the high proportion of people who aren't confident enough to explain this to their friends or neighbours would suggest there is room for error."
Tips on how to spot a phishing email: * Generic greetings. Many spoof emails begin with a general greeting, such as: "Dear PayPal member." But if you do not see your first and last name, be suspicious and do not click on any links or button.
* A fake sender's address. A spoof email may include a forged email address in the "From" field. This field is easily altered.
* A false sense of urgency. Many spoof emails try to deceive you with the threat that your account is in jeopardy if you don't update it ASAP. They may also state that an unauthorised transaction has recently occurred on your account, or claim PayPal is updating its accounts and needs information fast.