I'm enjoying the Federal Trade Commission's new videos about "phishing"—Web sites that try to trick you into disclosing information about your bank account, social security number, security passwords and such so they can steal your identity and rob you silly. The little skits are simple and funny. And the fat phishy guy is sort of cute with his fin getting in the way of his efforts to rob people in person.

Mr. Phish's attempt to snooker a business executive in her office is especially funny.

"Something here doesn't seem . . . right," she says as he waits for her to give him her bank account password.

"What?" he asks innocently.

"I can't quite put my finger on it!" she exclaims.

"Trust issues, eh?" he deftly replies, hovering over her chair. "You know once we figure this whole thing out maybe we could grab a cup of coffee?"

By then she and her security guard notice something—the fin on his back. "This isn't what it looks like!" he exclaims as the guard ushers him out of the office.

Obvious warnings you're likely to slip on

At the end of the segment, watchers are directed towards an FTC Web site: OnGuardOnLine.gov. They might have come up with a shorter domain name, but the site has lots of good tips on protecting your digital security. Some of these pointers may appear to you to qualify for the "duh" category, but I know plenty of people who have slipped and paid the price. Here are a few advisories:

Just good stuff to keep in mind. The biggest problem with phishing, of course, is that it comes in the form of spam. And spam has gone beyond just irritating, the Federal Trade Commission warns. It has become downright dangerous.

"This new generation of spam is no longer a mere annoyance to email recipients and a burden to ISPs; often it is a vector for criminal activity," the FTC's Spam Summit report, released on December 28th, concludes. The document summarizes the findings of the Commission's Division of Marketing Practices on spam and phishing.

Not your grandfather's spam

In the relatively innocent 1990s, spammers used automated search software to "harvest" e-mail addresses off Web sites, then dumped them into scripts to mass market products via email. The messages used phony headers so you couldn't trace them to their source.

But those were the good old days, the FTC report explains. Today's New and Improved spam sends you malicious "bots" that implant software in your computer, turning it into part of a network of hosts that send unprecedented quantities of spam into cyberspace.

And the spam doesn't just try to get you to buy V1a@ra; it directs you to "phishing" sites—phony Web pages that look like your banking, credit card, or cell phone account site—then tells you the site crashed and needs you to submit your account information again in the hope that you'll fall for this dodge and the spammer can rob you silly.

Other types of "malware," the FTC warns, can dramatically slow down your computer, or even worse, install key recording software that will record your every keystroke—that's right, including the strokes that spell out your credit card and banking account number.

Fast flux

One million Internet Protocol (IP) addresses get shanghaied into coordinated spam attacks every day, the FTC survey says, assaulting 50,000 computers in any single instance.

Spam experts call the phenomenon "fast flux," and say that about 12 million computers world wide are compromised by malicious bots, most of them located outside the United States. With so many computers under their control, spammers can quickly switch the infected computer IP addresses that they use in order to evade detection by authorities.

And it's getting easier to become a malicious spammer, the FTC reports. Rogue software developers are offering spam/spyware programs for less than $20 a copy; some even come with technical support.

U.S. consumers paid seven billion dollars in costs due to malicious spam in 2007, the Spam Summit report says. 850,000 households had to replace their computers after being spammed or phished. The Federal Bureau of Investigation discloses that over 200 government Web sites have been compromised and turned into spam delivery systems.

Fighting spam

Consumers can protect themselves from malicious spam, the FTC says. Spam filters work and every e-mail user should get one. Studies repeatedly show that using such filters effectively blocks most spam.

"The implication of this finding is that ISP spam filtering technologies continue to play an integral role in reducing the amount of spam messages delivered to consumers’ inboxes," the FTC concludes.

The Commission also warns that listing your e-mail address on a Web site puts that address at high risk of getting plucked, "but that postings on other website locations, such as chatrooms, message boards, social network sites, and video posting sites were far less likely to be harvested."