Direct losses from identity theft fraud against victims of online phisihing attacks cost US financial services firms about $1.2 billion in 2003, according to research from consultancy Gartner.
Based on survey responses from 5000 American Internet users, Gartner estimates that approximately 30 million users believe they have "definitely experienced" a phishing attack, and another 27 million said they had "observed" what looked like a phishing scam e-mail.
Furthermore, Gartner estimates that about 19% of those receiving scam e-mails - or nearly 11 million US Web users - have clicked on the link provided, while three per cent of those attacked - or an estimated 1.78 million adults - have entered financial security data on the fake Web site they were directed to.
Phishing attacks are not new, but they have become more pervasive in the past 12 months. According to the research, 76% of the known or suspected attacks occurred within the past six months, with another 16% occurring in the previous six months. The combined results suggest that 92% of these phishing attacks took place in the past year.
Avivah Litan, vice president and research director at Gartner, says the data indocates that "phishing attack victims are almost three times as prone to identity-theft related fraud as other online consumers".
Litan warns that eventually, all participants in e-commerce will be hurt by an erosion of consumer trust in online transactions if phishing attacks are not sharply reduced: "Service providers have no choice but to combat these fraudulent e-mails if networked computing is to become more trusted as a favoured channel for customer transactions."