More than 5 million U.S. consumers lost money to phishing attacks in the 12 months ending in September 2008, a 39.8% increase over the number of victims a year earlier, research firm Gartner said on Tuesday, April 14. The average consumer loss per phishing incident was $351, a 60% decrease from the year before.
In September of 2008, Gartner surveyed 3,985 U.S. online adults to determine the number of U.S. adults who have been victimized by phishing attacks, as well as the methods being used by criminals to execute these crimes.
Phishing attacks, says Gartner, occur when hackers or “cyberthieves” pose as a trusted service provider in order to steal the user’s account information, such as credit card number, home address, and phone number, or credentials, such as user IDs and passwords.
Phishing is typically accomplished when the hacker sends someone an e-mail with a link inside and an invitation to go to a Web site, which the thief portrays as a well-known and/or trustworthy site.
Also, security company Trend Micro warns that the cyber rogues behind the notorious Conficker worm may finally be gearing up for more serious attacks. The company has discovered a new file sourced from a known Conficker P2P IP node. The file is a new variant of Conficker, now known as WORM_DOWNAD.E.
And a Microsoft security report reports on rogue security software (a.k.a. “scareware”). The report says rogue software lures users into paying for protection that, unknown to them, is actually malware offering little or no real protection, and is often designed to steal personal information.
The Gartner survey uncovered a trend toward higher-volume and lower-value attacks. Although the number of consumers who lost money to phishing attacks increased in 2008, average losses decreased. The average consumer loss in 2008 per phishing incident was $351, a 60% decrease from the year before.
Phishing attacks, says Gartner, continue to inflict financial damage on consumers and financial institutions. Consumers recovered 56% of their losses, meaning that most fraud costs were borne by consumer banks, PayPal, and other financial service providers.
Gartner recommends that enterprises continue to deploy and improve security solutions that protect accounts and customers against attacks. Enterprises that are custodians of customer accounts should also consider site authentication or assurance to confirm to a customer that they’re on a legitimate Web site and not a spoof site.
In addition, antiphishing services can proactively look for phishing attacks against named enterprises before they’re launched and take them down on detection.
Enterprises providing e-mail services should investigate “secure” e-mail gateways that can block phishing e-mails from reaching customer in-boxes, using a variety of methods ranging from e-mail analysis to accepting only properly digitally signed e-mail.
End users can also increase their own protection by using safe-browsing tools that can provide a warning when accessing a known or suspected phishing site.