(MONEY Magazine) – Phishing scams are casting a wide net over consumers lately, especially people with Citibank accounts. Phishing (cyber-slang for fake e-mail messages that ask recipients for personal info such as passwords or credit-card numbers) uses its catch to skin respondents' accounts. And a phisher's haul can be huge: 3% of folks who say they've been phished fall for the ruse, reports tech research firm Gartner.

Citibank customers are a favorite target these days. The subject line of a highly persuasive e-mail reads "Important Fraud Alert from Citibank" (other bank names appear as well). The sender's address incorporates the citibank.com name. Even the body bears the famed umbrella-topped Citi logo. The message informs you that to safeguard your account, you must confirm personal details. "This process is mandatory," it warns. Otherwise "your account may be subject to temporary suspension." A hyperlink connects you to a form that, once fled out, dows the sender to assume your identity. With deft touches like "Copyright © 2004 Citicorp" on the bottom, the scam makes it easy to take the bait.

Suspect you're a phishing target? Call your bank to vet the e-mail. And if you ever decide to give out account details online, go directly to the site. Never click through an e-mail. —JOAN CAPLIN