Surveys of Internet users have suggested that around 3% of users fall for phishing scams (you know, the fake emails from banks, etc. asking for your account details). But there has always been some suspicion that this number under-reported the size of the problem because people would be unwilling to admit to having been duped. So some researchers at Indiana University School of Informatics decided to create their own phishing spam and see how many of the people they sent it to were fooled. The answer: 14%. Oh dear. Do be careful, people.