From the, "I prefer my fish grilled' files:

VeriSign is out with a new report this morning, stating that 88 percent of web users in the US can't identify phishing sites. Phishing sites are spoofed sites of legitimate sites that aim to trick users into giving up information.

While the VeriSign numbers sound disturbing -- they're actually an improvement from data that I reported on in 2005. Back then, I wrote a story about a report that stated that only 4 percent of users can spot a phished e-mail 100 percent of the time.

In the new 2009 report from VeriSign, they peg a few common areas that users miss. One of them is a misspelling in a site's name, the other is a padlock in the browser address bar. The browser padlock of course is a sign that a site is SSL secured (and oh yeah VeriSign sells SSL certificates).

The simple truth of the matter is that for important websites - be they banking or otherwise - web users should directly type in the address of the site themselves. Phishers generally operate from links - that is you get a link in an email, other website or Twitter and then click through.

Is phishing something to be concerned about? Of course it is. The fast that vast majority of users can't spot a phishing site is a concern but the reality users need to just be careful whenever they are going to pass off personal information in any medium, online or otherwise.