Just Ask Asa Aarons

No Phishing: How to Spot a Fake Website

August 3rd, 2008

Hands off!

Before you insist you’re too smart to fall for a phishing scam, consider this: you’re probably not. Computer security experts say cyber thieves are increasingly sophisticated, making it hard for the average computer user to keep up with scams.

Some phishing emails now scan the browser history, identify which websites were recently visited and automatically configure themselves to look like the user’s own financial institution. Odds are a consumer will click on a message that seems to be from a familiar source.

“When Internet users are asked to make ‘trust’ decisions they often make the wrong decision,” explained Lorrie Faith Cranor, associate professor of computer science and engineering & public policy at Carnegie Mellon University in Pittsburgh.

“Implicit trust decisions include decisions about whether or not to open an email attachment or provide information in response to an email that claims to have been sent by a trusted entity. Explicit trust decisions are decisions made in response to specific trust- or security-related prompts such as pop-up boxes that ask the user whether to trust an expired certificate, execute downloaded software, or allow macros to execute.”

Despite those poor trust decision-making skills and a rising tide of spyware, phishing and other Internet threats, most Americans say they feel safe online, according to a poll sponsored by StopBadware.org, a consumer protection initiative sponsored by Google, PayPal, Lenovo, AOL, Trend Micro and VeriSign. In the poll conducted by Zogby International, 88 percent of Internet users said they feel safe accessing the Net. Almost as many, 84 percent, think they have the information and tools needed to make good decisions to protect their privacy and security online.

But they don’t. Only 24 percent of Americans have installed a firewall on their computers and regularly update anti-virus and anti-spyware, according to McAfee, a security software manufacturer, and the National Cyber Security Alliance.

“What we have here is an Internet security paradox,” said Maxim Weinstein, who manages the StopBadware.org team at Harvard Law School’s Berkman Center for Internet & Society. “Americans see themselves as safe online, even as we see an ongoing trend of organized criminal elements using the Internet to target unsuspecting users.”

With an estimated 30,000 phishing sites in existence, it’s easy to understand how consumers fall prey to the scams. Most people don’t know exactly what to look for to identify a fraud site, experts agree. And even those who do may be in too much of a hurry to pay attention to detail.

Phishing at a Glance

  • 886: The average dollar loss per phishing victim. (Gartner, 2007)
  • 3.6 Billion: Total dollar loss of all phishing victims in a year. (Gartner, 2007)
  • 3.2 Million: The number of phishing victims in the same year. (Gartner, 2007)
  • 8.5 Billion: The number of phishing emails worldwide monthly. (SonicWALL, 2008)
  • 32,414: The number of phishing sites in May 2008. (Anti-Phishing Working Group)

Tim Callan, vice president for SSL product marketing at VeriSign, a company that specializes in security solutions, said consumers should pay attention to visual clues to distinguish real sites from fraudulent ones.

  1. Look for the green address bar and the company’s name highlighted in green at the top of the browser. These indicators signify the site has undergone extensive identity authentication.
  2. If the site’s Web address begins with https://, it means information you share is encrypted and secure. Never enter credit card numbers or sensitive personally identifiable information like a Social Security number or your mother’s maiden name on any page that begins with http rather than https.
  3. All popular browsers feature a lock icon somewhere in the interface to indicate pages that are encrypted. But the icon has to appear in the actual browser interface and not inside the content of the page itself to be meaningful.
  4. Look for a popular trust mark, such as the VeriSign Secured Seal (online security and verified site identity), eTRUST (customer data privacy) or the Better Business Bureau seal (business practices).
  5. Check the Web address: Be suspicious of any site with an unknown domain that contains the name of a known site in the latter part of the Web address. For example, if your favorite bank is located at www.myfavoritebank.com, then you should be highly suspicious of a site like www.someotherdomain.com/myfavoritebank.
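
Tip 5 as a small check, added here as an illustration and not part of the original article: a host counts as genuine only if it is an allowlisted domain or a subdomain of one, and any other address that contains the bank's name is flagged. The allowlist, function names and warning labels are assumptions, and the check goes slightly beyond the article by flagging the name anywhere in the address (not only the latter part) and by applying tip 2's http test.

```python
from urllib.parse import urlsplit

# Assumed allowlist (constructed): the domains the user really does business with.
TRUSTED_DOMAINS = {"myfavoritebank.com"}


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host is a trusted domain or a subdomain of one.

    The match is made on a label boundary, so "notmyfavoritebank.com"
    does not pass as "myfavoritebank.com".
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def check_url(url, trusted=TRUSTED_DOMAINS):
    """Return a list of warnings for url; an empty list means none raised."""
    # Addresses typed without a scheme still need their host parsed out.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = parts.hostname or ""
    warnings = []
    if parts.scheme == "http":
        warnings.append("not-https")  # tip 2: page is not encrypted
    if host_is_trusted(host, trusted):
        return warnings
    # The host is not on the allowlist. If a trusted name still shows up
    # somewhere in the address, it is being used as bait (tip 5).
    address = url.lower()
    for domain in sorted(trusted):
        brand = domain.split(".")[0]
        if brand in address:
            warnings.append("lookalike:" + brand)
    return warnings


if __name__ == "__main__":
    for sample in ("www.myfavoritebank.com",
                   "www.someotherdomain.com/myfavoritebank"):
        print(sample, "->", check_url(sample) or "no warnings")
```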


1 response so far ↓

  • 1 Aaron Wakling // Aug 3, 2008 at 11:20 pm

    Nice writing style. I look forward to reading more in the future.
