I thought I was pretty sophisticated about phishing until I got an email from "Chase" informing me that I had a new message. It looked just like the the real ones so I clicked the link, got to a login screen that looked right and after entering userid/pw combination, it said that the site was down and to try again later. That's when I noticed that the link wasn't using https so I immediately went to the real site and changed the pw. By luck, the only account that they could have accessed at that link was a gas card. Since I never activated the ATM feature, the only thing they could have done was to pay my bill for me. Even so with a credit limit that used to be good for about 18 months worth of gas (figuring 3 x $10 fill ups per month in 2001). That car broke its leg and I had to shoot it -- the new one has a bigger tank so I only have to fill it 2-1/2 times a month but each fill up is more like $50