About one in four Internet users is hit with e-mail scams every month that try to lure sensitive personal information from unsuspecting consumers, a study says.

Of those receiving the phony e-mails, most thought they might be from legitimate companies — seven in 10, or 70 percent, were fooled by the e-mails, said the report.

The study released Wednesday by America Online and the National Cyber Security Alliance looked at Internet security and "phishing scams."

Phishing refers to e-mails that appear to come from banks or other trusted businesses and are used to induce recipients to verify their accounts by typing personal details, such as credit card information, into a Web site disguised to appear legitimate.

"What's happening is that more and more people are actually engaging in transactions online that would generate e-mail traffic that the scammers are copycatting," said Tatiana Platt, senior vice president at AOL.

The study found nearly three-quarters of those surveyed, 74 percent, use their computers for sensitive transactions such as banking, stock trading or reviewing medical information. That leaves phishers with a good chunk of Internet users to target, Platt said.

Platt said too many people still don't have adequate computer security to guard against viruses, hackers and other threats.

The study found 81 percent of home PCs lacked at least one of three critical protections — updated antivirus software, spyware protection and a secure firewall.

The researchers conducted in-home interviews with more than 350 Internet users nationwide. The researchers also reviewed the e-mails received by those households.

The Federal Trade Commission has several tips to keep from getting hooked by phishers:

— If you get an e-mail asking for personal information, call the company directly or type in the company's correct Web address. Do not click on the link provided in the e-mail.

— Use antivirus software and a firewall. This can protect a user from accepting unwanted files that could harm a computer or track a consumer's Internet activities.

— Don't e-mail personal or financial information.