Projecting from the results of the survey of 5,000 wired adults, research firm Gartner suggests that 57 million consumers in the United States definitely received or suspect they received a phishing e-mail.
The scam attempts to trick people by sending messages that direct them to legitimate-looking Web sites pretending to be that of a trusted service provider, financial institution or online merchant, where they are asked to hand over personal or financial information.
"This survey reveals how pervasive, and new, phishing is. And for those who fall for it, the chances are high their identity will be stolen," said Avivah Litan, Gartner's research director.
The growth in phishing comes as e-commerce and online banking become more established as means of conducting shopping and financial transactions.
Of the 4 million consumers who encountered fraud last year when opening a new online account, approximately half said they also received a phishing e-mail, according to Gartner.
Three percent of consumers who believe they were exposed to a phishing attack--or a projected 1.8 million people--supplied the financial or personal information requested, according to Gartner.
Some 30 percent of consumers who received a phishing e-mail reported that the related Web site purported to be part of auction giant eBay. In addition, 29 percent found a spoofed PayPal site, and 14 percent reported a bogus Citibank site, according to the study. Other spoofed Web sites included America Online, Microsoft, EarthLink, Yahoo, Wells Fargo, Bell South and Fleet Bank.
Consumers who fall prey to a phishing attack are three times more likely to encounter fraud compared with other online shoppers, Gartner researchers found. For instance, 54 percent of people who supplied sensitive information to a bogus Web site reported that they were the victims of identity theft last year. That compares with about 36 percent in the overall online population who encountered some type of fraud.
U.S. banks and credit card issuers report phishing cases cost them roughly $1.2 billion last year.
EarthLink announced last month it would become the first Internet service provider to offer protection from phishing scams. The company includes software to combat such fraud as part of its ScamBlocker tool.
A number of measures are available to reduce the likelihood of a phishing attack, such as using a secret image or word to authorize or identify customers. However, Litan offered a word of caution about an online defense.
"You can't make it impenetrable. All you can do is make your wall higher," she said.
