DURHAM, N.C. — Brenda and Denis Hayes have had to weed through files, credit card applications, police reports in the last four years. Someone stole Denis' identity and went online to apply for and receive credit cards and loans in his name.

Now, Denis still feels like most participants of a recent survey. It found that more Americans anticipate being the victim of a virtual attack, like I.D. theft or a fraudulent Internet auction, rather than a physical crime.

"I'm soon to be 48," said Denis. "I've never been bashed in the head or anything like that, but my I.D. has been stolen."

The survey also found that during 2005, incidents of virtual crimes were on par with physical crime. Experts who manage business websites say the scams are hard to stay on top of.

"We've been doing security for decades, but it changes every year," said IBM Security Strategy Director Stuart McIrvine.

Several servers securely run more than a dozen Web sites for IBM customers. At the entrance to the server room in Research Triangle Park, you need a badge. But if your badge and your fingerprint don't match, you're not getting in. But even that much security isn't enough to fully protect their customers' Web sites.

"It's not just external hackers breaking in," said McIrvine. "Got to help our companies deal with how they control insiders too."

For Denis, everything except his confidence is back.

"I don't buy anything on the Internet with a credit card," he said.

That's a fear he now shares with close to 40 percent of Americans. According to the Federal Trade Commission, there were more than 15,000 fraud and I.D. theft complaints from North Carolina in 2005. The top fraud complaint from the state was Internet auctions, followed by sweepstakes and lotteries. Fraud cost people in our state more than $11 million last year.