04 December 2016

Phishing losses hit $3.2bn in 2007 - Gartner

17 December 2007  |  12581 views  |  0 ID Fraud

Phishing attacks in the US have soared in 2007, with direct losses from identity theft fraud costing financial services firms around $3.2 billion, according to research from consultancy Gartner.

According to a survey of more than 4500 online US adults, around 3.6 million US adults fell victim and lost money in phishing attacks in the 12 months ending in August 2007, up from 2.3 million adults the year before.

Phishing attacks were more successful in 2007 than in the previous two years. Of the number consumers who received phishing e-mails in 2007, 3.3% say they lost money because of the attack, compared with 2.3% that lost money in 2006 and 2.9% that did so in 2005, says Gartner.

Gartner says debit cards have emerged as the financial instrument targeted most by fraudsters in this year's study, which shows that criminals are targeting areas "where fraud detection is weaker than it is with credit card accounts". According to the survey, of the consumers that lost money to phishing attacks, 47% said a debit or cheque card had been the payment method used when they lost money or had unauthorised charges made on accounts. This was followed by 32% of respondents that listed a credit card as the payment method and 24% who listed a bank account as the method.

The average dollar loss per incident declined to $886 in 2006, from $1,244 lost on average in 2006 (with a median loss of $200 in 2007). But as there were more victims, overall around $3.2 billion was lost to phishing crimes in 2007.

On a more positive note, the amounts that consumers were able to recover increased, with some 1.6 million adults recovered about 64% of losses in 2007, up from 2006 when 1.5 million adults managed to recover 54% of losses.

PayPal and eBay continue to be the most-spoofed brands, but phishing attacks increasingly come in different guises and impersonate electronic greeting cards, charities and foreign businesses, says Gartner.

Avivah Litan, VP and distinguished analyst at Gartner, says phishing attacks are becoming more surreptitious but anti-phishing detection and prevention applications are still not utilised widely enough to stop the damage. Around 11% of online adults say they don't use any security software - such as antivirus or anti-spyware products - on their desktop, and another 45% only use what they can get for free.

"Customer-facing organisations cannot expect their customers' desktops to be protected from malicious code, nor from e-mail and/or advertising traps that lure innocent consumers to Web sites that turn out to be infection points," she adds.

Gartner also says that bank regulators appear to be "in the dark" when it comes to measuring damage from phishing attacks. Gartner, along with the University of California at Berkeley, analysed data on fraud attacks supplied the Federal Deposit Insurance Corporation and found the information to be "spotty, unreliable and unstructured data". Litan says just 451 unique incidents were reported between 27 January 2005 and 30 May 30 but "the data quality was so poor that it was impossible to draw any conclusions from it other than that the regulatory reporting on fraud attacks is severely lacking".

"Regulators must get a better handle on the problem through consistent and timely bank reporting on their fraud incidents and losses," she adds.

The consultancy warns that phishing and malware attacks will continue to increase through 2009 because it's still a lucrative business. Advertising networks will be used to deliver up to 30% of malware that lands on consumer desktops, says Gartner.

E-mail providers, advertising networks and other "infection point" providers need to have incentives to invest in solutions to keep phishing e-mails from reaching consumers in the first place, says Gartner.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Macs target for phishing trojan

Macs target for phishing trojan

02 November 2007  |  6309 views  |  0 comments
US phishers targeting UK customers

US phishers targeting UK customers

18 October 2007  |  7317 views  |  0 comments
German cops arrest phishing gang

German cops arrest phishing gang

14 September 2007  |  9275 views  |  0 comments
Man-in-the-middle phishing kits circulating freely on the Web

Man-in-the-middle phishing kits circulating freely on the Web

10 August 2007  |  13172 views  |  0 comments
US consumers lose billions to online scams

US consumers lose billions to online scams

07 August 2007  |  8829 views  |  0 comments
Security fears scare off US customers from online banking, shopping

Security fears scare off US customers from online banking, shopping

27 November 2006  |  11422 views  |  0 comments
Phishers angling for fatter fish

Phishers angling for fatter fish

10 November 2006  |  7774 views  |  0 comments
Phishers exploiting lax ATM security - Gartner

Phishers exploiting lax ATM security - Gartner

02 August 2005  |  8678 views  |  0 comments
Phishing alliance formed as Gartner study unearths big losses

Phishing alliance formed as Gartner study unearths big losses

16 June 2004  |  7377 views  |  0 comments
Phishing scams cost US financial firms $1.2 billion - Gartner

Phishing scams cost US financial firms $1.2 billion - Gartner

07 May 2004  |  9231 views  |  0 comments
Find out moreVisit capgemini.comVisit contisgroup.com

Top topics

Most viewed Most shared
Royal Mint to issue digital goldRoyal Mint to issue digital gold
6559 views comments | 23 tweets | 21 linkedin
UK challenger bank Masthaven opens for businessUK challenger bank Masthaven opens for bus...
5671 views comments | 15 tweets | 13 linkedin
Bank CEOs fret about ROI as startups drive IT arms raceBank CEOs fret about ROI as startups drive...
5636 views comments | 16 tweets | 21 linkedin
ING pulls plug on P2P payments app TwypING pulls plug on P2P payments app Twyp
5585 views comments | 16 tweets | 15 linkedin
R3 and Calypso to develop blockchain trade confirmation systemR3 and Calypso to develop blockchain trade...
5555 views comments | 13 tweets | 12 linkedin

Featured job

to Six-Figure Base, Commission, Benefits
London, UK

Find your next job