There are seven steps in a phishing attack, from preparation through successful infection of a victim to the fraud committed using stolen information. Fortunately, there are countermeasures available for each stage. For example, organizations should monitor call volumes and the type of questions customers are asking; a large number of calls regarding password problems can signal a phishing attack. To interfere with the use of compromised information, organizations can use two-factor authentication devices such as biometrics. Instituting delays in some types of money transfers can provide time to detect and void phishing-based transactions. @ Online identity theft: phishing technology, checkpoints and countermeasures, from the identity theft technology council is at SM Online.