The study shows that online scams are weakening e-mail as a trustworthy method of communication between companies and their customers, said Andy Klein, MailFrontier's anti-fraud product manager.
"The scammers are really beginning to poison the well of e-commerce to the point where many people can no longer tell the difference between what's fake and what's legitimate," Klein said.
Transcript: Brian Krebs hosted Dave Jevans, chairman of the Anti-Phishing Working Group.
Delores Hanes, 77, is one of those people. The Vancouver, Wash., resident fell victim to a phishing scam targeting customers of PayPal, eBay's online payment subsidiary.
"It had the PayPal pictures all over," Hanes said. "On the surface at least it looked like everything else I'd seen from them."
Hanes and her husband Bob, 80, first realized something was amiss when a woman from Western Union called to confirm that they authorized a $200 electronic payment to someone in Germany. Soon, checking charges appeared for amounts ranging from $50 to $150, including a request to open a new Internet service account with America Online, Hanes said.
"For days I couldn't eat, couldn't sleep at night, I was so upset," Hanes said.
Even after countless hours on the phone with her bank, the charges kept coming. Mrs. Hanes said the experience so rattled her that she and her husband have sworn off e-commerce for good.
"I guess we just decided we were done with the whole thing," she said.
It may be tempting to assume that most victims are like the Haneses -- the elderly and the technophobic. But according to a study of more than 1,330 Internet users conducted in September by the Tucson, Ariz.-based Ponemon Institute, 18- to 25-year-olds are nearly three times more likely to get hooked than any other age group.
Larry Ponemon, the institute's founder and an adjunct professor of privacy and ethics at Carnegie Mellon University in Pittsburgh, said people in that age group probably spend more time online and are more likely to bank online. But follow-up interviews with the young phishing victims in the study pointed to another difference.