By now, you've probably gotten at least one suspicious e-mail message from your bank or Internet service asking you to verify your account information. Typically, the messages ask for your social security number, credit card numbers, and other information you should never reveal via e-mail. These scams are called phisher e-mail, and if one of them hooks you, you'll be in a world of hurt.

In the past few months, bogus e-mail claiming to be from Best Buy, Citibank, EarthLink, eBay, PayPal, Visa, and even the FBI has been used to steal personal information. In many cases, these sophisticated messages contain real company logos and links to genuine company sites. But the link that supposedly verifies your account information actually sends it directly to scammers, who set up a Web site for a few hours to collect the information, then vanish.

Phish stories
Once a phisher has your info, he might do nothing, happy to simply have duped you. He might charge items to your credit card until he hits your limit. Or he might sell your information to someone else. If you keep a close watch on your bills and dispute suspicious charges with your bank, you'll probably escape with minimal damage.

But here's the nightmare scenario: The phisher takes your information and opens a new bank account, receives credit cards, and runs up thousands of dollars of charges in your name. Then he disappears, leaving your credit rating and your reputation in shambles. Or worse: he uses your identity while committing criminal or terrorist acts.

According to a recent FTC study, about 10 million Americans had their identity stolen last year--40 percent more than the year before. Estimated financial losses totaled nearly $50 billion or an average of $4,800 per victim, and while most ID theft occurs when someone steals your wallet or digs through your trash, an increasing number of these crimes are happening electronically.

Tackling the problem
Unfortunately, most phisher e-mail looks legit enough to fool even the best spam filters, but that may soon change. For example, MailFrontier has just released a beta of Matador that fishes for phishers. The software looks for telltale signs of scam spam, such as messages that contain forms asking for your credit info, then shuttles them to a special Fraud folder inside your mail client. Matador alerts users when new scams appear and lets you report them to the FTC's Consumer Sentinel database.

Qurb also recently released what it claims is a "spoof-proof" version of its antispam client. Legitimate e-mail senders such as Citibank can use Qurb to digitally certify each message; Qurb 2.0 will recognize the certification and allow the message into your in-box. If a scammer tries to spoof Citibank's e-mail, Qurb will funnel it into a junk mail folder.

It takes a village
Of course, until a critical mass of legit e-mailers use this kind of certification scheme (and consumers use a spam filter that can recognize it), phisher e-mail will still get through.

Maybe you're too sophisticated to fall for phisher scams. But surely you know people who aren't. According to MailFrontier, 40 percent of Matador users who received the Citibank phisher spam rescued the message from their junk folders, mistaking it for the real deal.

Fortunately, help is just a few clicks away. The FTC, the Identity Theft Resource Center, the National Fraud Information Center, and the Privacy Rights Clearinghouse all provide reams of information on how to avoid having your identity stolen and what to do if you've already been nailed.

These days it's not enough to look out for yourself on the Net. You also have to look out for those around you before a phisher scam reels them in.