In China, some of the most successful cyberthreats are frighteningly simple.
One recent viral mobile message offered free Golden Retriever puppies to lure users into giving away personal information. Another online scam took thousands from a woman who wired money to an impostor she thought was her son's teacher.
A current favorite of Chinese cybercriminals, according to Pei Zhiyong, the senior security researcher of the antivirus company Qihoo 360 Technology, is to simply program malicious code that asks users to disable their antivirus software.
"It will say their security program is incompatible with whatever they're trying to do," he said. "We call it a 'Candy Trojan Horse,' and 30 percent of users will actually respond by turning off their antivirus system."
Over the last decade, the Internet has gone mainstream in China. More than 600 million residents regularly go online, and China is also the world's largest smartphone market. And domestic companies like the Alibaba Group are among the largest Internet companies in the world.
In its early days, China's Internet market was plagued by malware and viruses. Popular free antivirus software offered by many companies has since helped stem that problem, but has led to a new one: Many PC users have become so comfortable that they are now easy prey to attacks that involve simply tricking them, instead of having their accounts breached by complex software. At Chinese companies, experts say, awareness lags that of their counterparts in developed nations.
In 2013, cybercrime cost Chinese companies and individuals $37 billion, according to a research report by the security firm Norton, putting the nation second behind the United States at $38 billion, and well ahead of the $13 billion that cybercrime cost Europe or the $1 billion for Russia.
Security analysts offer many reasons for this, but top among them is the naïveté of China's myriad new Internet users, as well as government policies that have emphasized the growth of the Internet industry above all else.
At the same time, many businesses have no consistent approach to ensure employees do not inadvertently compromise corporate networks. Companies also are often reluctant to pay for security software.
And the prevalence of pirated software in the country — and the back doors and other security holes in those programs — makes many businesses, and individuals, unwittingly vulnerable.
Beijing has focused far less on stopping cybercrime or punishing companies that enable or encourage attacks. As a result, China's companies tend to focus on attracting users above all else, and therefore a consensus among Chinese Internet companies on mitigating attacks has been slow to emerge.
Things could get worse for China as new users take to the web on smartphones. According to the Norton report, 75 percent of Chinese smartphone users had experienced mobile cybercrime in the 12 months leading up to the 2013 survey, compared with a global average of just 38 percent.
"The ability to access Google Play is not there, so Chinese go to alternate app stores that don't have the security capabilities" of Google's official app store, said Michael Sentonas, the global chief technology officer for Intel Security.
A 2013 study by the Data Center of China's Internet showed that 35 percent of China's most popular 1,400 apps tracked user data that had no connection to the function of the application.
When customers then bring their phones into work, the situation becomes dangerous for companies as well, Mr. Sentonas said.
The huge cost of attacks on companies has led to growing awareness among executives, though analysts say many companies still lack a high-level executive charged with security.