Fraudsters running phishing scams are increasingly targeting high-income earners, according to research by Gartner which shows that direct fraud losses from the online attacks have risen to more than $2.8 billion in 2006.
The number of US adults who have received a phishing e-mail doubled from 57 million in 2004 to 109 million in 2006. The average loss per adult from phishing has grown from $257 to $1,244 per victim in 2006, says the analyst house.
People who earn more than $100,000 were more heavily attacked and received an average of 112 phishing e-mails in the past year, compared to 74 e-mails per consumers across all income brackets. The high-income earners lost on average $4,362, almost four times as much as other victims.
Avivah Litan, vice president and distinguished analyst at Gartner, says: "The thieves seem to be targeting higher-income earners who are also more likely to transact on the Internet."
The Gartner study, which is based on a survey of 5000 adults, estimated that 24.4 million Americans had been duped by a phishing e-mail in 2006, up from 11.9 million in 2005, while 3.5 million have handed over confidential data to the phishers, up from 1.9 million adults last year.
The average amount of money consumers recovered from phishing attacks dropped to 54% in 2006 compared to 80% in 2005.
Litan says cyber-criminals are starting to shift away from attacking online banks directly and are targeting brands such as PayPal and eBay more often.
"Countermeasures such as phishing detection and take-down services deployed by banks, Internet service providers (ISPs) and other service providers are obviously not sufficiently widespread or effective," she says.
Litan says anti-phishing measures some enterprises have put in place to protect their brand and their consumers are not working and phishers are moving from site to site to launch their attacks more quickly than ever.
"The average life of phishing sites has gone from one week a couple years ago to about one hour in 2006," she says. "Within a year or so, phishing sites may be user specific — that is a single site will be set up to launch a phishing attack against a single user."
Litan predicts that phishing attacks will continue to increase for at least two more years because it is still a lucrative business for the perpetrators.