Phishing attacks in the U.S. rose in 2007 as $3.2 billion was lost to these attacks, according to a survey by Gartner.
The survey found that 3.6 million adults lost money in phishing attacks in the 12 months ending August 2007, as compared with 2.3 million who did so the previous year. Phishing attacks were more successful in 2007 than they were in the past two years. Of those who received phishing emails in 2007, 3.3 percent said they lost money because of the attack, compared with 2.3 percent who lost money in 2006, and 2.9 percent who did so in 2006.
“Phishing attacks are becoming more surreptitious and are often designed to drop malware that steals user credentials and sensitive information from consumer desktops,” said Avivah Litan, vice president and distinguished analyst at Gartner.
“Anti-phishing detection and prevention solutions are available but not utilized widely enough to stop the damage. These must be deployed and combined with solutions that also proactively detect and stop malware-based attacks.”
The average dollar loss per attack decreased to $866 from $1,244 lost on average in 2006(with a median loss of $200 in 2007), but because there were more victims, $3.2 billion was lost to phishing in 2007. A small bit of positive news is the amounts people were able to recover also increased. Around 1.6 million adults recovered 64 percent of their losses in 2007, up from 54 percent that 1.5 million adults recovered in 2006.
Forty-seven percent of people who lost money to phishing attacks said a debit or check card had been the payment method used when they lost money or had unauthorized charges made on their accounts. This was followed by 32 percent who said a credit card was the payment method, and 24 percent who listed a bank account as the method.
“Criminals have stepped up attacks on debit card and bank accounts, where back-end fraud detection systems are traditionally weaker than they are with credit card accounts,” Ms. Litan said.
“Fraud detection and authentication systems deployed widely in online banking in response to FFIEC banking regulator guidance are already a step behind fraudsters’ latest techniques and must be updated to guard against browser hijackings, “man in the middle,” and other hidden malware-based attacks often delivered to users through phishing e-mails.”
