According to a study by research company Harris Interactive, two-thirds of workers have never heard of phishing, while four percent have fallen for phishing scams.
"Phishers are becoming more sophisticated in their deception techniques to lure employees to spoofed websites, as most employees cannot determine which is a valid site and which is a fake," said Geoff Haggart, VP of internet managemnet company Websense, who commissioned the survey.
One of the major problems with phishing, Haggart suggested, was that it now comes in the form of a blended threat and a user who does not actually lose any money could still suffer from merely clicking on an email.
"Employees don't have to 'fall for the phish' and actually enter confidential information on a phishing website to be compromised," Haggart said. "By simply clicking on a phishing URL, the site can install spyware, such as a malicious keylogger, on the employee's computer which has the ability to capture data such as network passwords or social security numbers without their knowledge."
As reported in SC Magazine, nearly 1,400 phishing websites and another 750 purporting to sell credit card numbers have been closed down following a clampdown by MasterCard.