After all the warnings that you must never click on a link in an e-mail that takes you to a website asking for your bank login and password, you'd think phishers would have run out of suckers by now.

Unfortunately not, case studies in the Ombudsman for Banking Services' annual report released on Thursday show.

Banks have taken a hardline approach to phishing victims, arguing they've warned people often enough.

Banking ombudsman Clive Pillay is more sympathetic. Of the 45 Internet banking cases his office opened, he ruled in favour of complainants in more than half of the disputes. He found complainants to be in the right in 24 (or 53%) and banks in 21 of the cases.

But the example in the annual report indicates phishing victims still took heavy losses even if the banking ombudsman ruled in their favour. ''The complainant noticed suspicious transfers to the value of R161000 on his credit card and reported these to the bank and his personal banker. He had fallen victim to an Internet banking scam. The bank maintained that the complainant had responded to a phishing e-mail, thus compromising his security details. The bank could not supply a copy of the suspect e-mail, but provided evidence that the phishing website had been visited from the complainant's computer.

''During its investigation, the OBS found no evidence of negligence by the complainant's bank, as the bank's systems were not compromised or hacked into. The thieves were able to access the complainant's account via the Internet due to personal information he had unwittingly provided to them. However, fraudulent transactions to the value of R22000 could have been prevented had the bank reported the fraud to the beneficiary bank timeously. It was recommended that the bank refund the R22000."

Many of the case studies indicate people often only get back a fraction of the money stolen. So the moral is: subscribe for SMS notifications and store your bank's lost and stolen card hotline in your cellphone to inform your bank quickly.

While I'm smug about phishing - I get dozens of e-mails every day, telling me Sars will refund me R8351 or my bank will pay back all of last year's fees if I click on thieves.ru/mybankname.html - I have sympathy for victims of ATM card skimming, since I've been one myself.

Of 282 ATM disputes the ombudsman handled, Pillay ruled in favour of consumers in 44% of them.

The banking ombudsman's annual report includes this tale of woe: ''A card-cloning incident left the complainant R27000 out of pocket. In addition, funds had been transferred from her credit card account to her savings account, which incurred bank charges, and R1000 was withdrawn from the former. The bank repaid R12000, holding that the account holder could have mitigated her loss had she noticed the depleting balance when she performed an over-the-counter withdrawal midway through the six days over which the fraud took place. The OBS agreed and regarded the bank's offer to only partially reimburse the complainant as fair."

Credit cards were the second-biggest source of disputes (behind mortgages), with 475 cases, of which consumers won 39%. The example case highlighted a key issue in the credit card reform in the US - banks assume money paid into credit cards is to pay off the lower interest "straight" portion instead of the more expensive "budget" side. The moral is that, while your credit card offers a budget facility to pay off purchases over several months, you're inviting your bank to rob you if you use it.