According to Google, Phishing - trying to steal users' passwords and usernames or credit card details by sending e-mails or messages that appear to come from genuine sources, such as a bank - fool up to 45 per cent of victims.
So how do you spot a scam site from a genuine one?
To mark Safer Internet Day today (Feb 10), Google is offering tips on what to look out for when online:
Here's a summary:
Check the URL in the address bar
It might look right in the email, but it could take you scam site designed to steal your personal details. Also check for 'HTTPS' in the address bar which means the site is secure.
Always check the sender's email address
Does it look right to you? Phishing emails will often contain spelling mistakes and other irregularities.
Recognise scare tactics
Genuine sites never use scare tactics to get you to enter your username, password or credit card numbers. This is a red flag that the site may not be genuine.
Always check the spelling
Even though phishing can be sophisticated, hijackers are not always great spellers. Typos on a website or email could indicate that they are not the real deal.