NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0418 Phishing Attacks in the US:
Phishing attacks in the United States soared in 2007 as $3.2 billion was lost to these attacks,
according to a survey by Gartner. The survey found that 3.6 million adults lost money in phishing
attacks in the 12 months ending in August 2007, as compared with the 2.3 million who did so the
year before. According to a survey of more than 4,500 online US adults in August 2007 (which was
representative of the online US adult population) the attacks were more successful in 2007 than
they were the previous two years. Of consumers who received phishing emails in 2007, 3.3% say they
lost money because of the attack, compared with 2.3% who lost money in 2006, and 2.9% who did so in
2005, according to similar Gartner surveys during those years. The average dollar loss per incident
declined to $886 from $1,244 lost on average in 2006 (with a median loss of $200 in 2007), but
because there were more victims, $3.2 billion was lost to phishing in 2007, according to surveyed
consumers. There was a bit of relative good news, however; the amounts that consumers were able to
recover also increased. Some 1.6 million adults recovered about 64% of their losses in 2007, up
from 54% that 1.5 million adults recovered in 2006. PayPal and eBay continue to be the most
spoofed brands, but phishing attacks increasingly employ devious social engineering attacks,
impersonating, for example, electronic greeting cards, charities and foreign businesses. Thieves
are increasingly stealing debit card and other bank account credentials to rob accounts - targeting
areas where fraud detection is weaker than it is with credit card accounts. According to the
survey, of those consumers who lost money to phishing attacks, 47% said a debit or check card
had been the payment method used when they lost money or had unauthorized charges made on their
accounts. THis was followed by 32% of respondents who listed a credit card as the payment method,
and 24% who listed a bank account as the method. Phishing and malware attacks will continue to
increase through 2009 because it's still a lucrative business for the perpetrators, and advertising
networks will be used to deliver up to 30% of malware that lands on consumer desktops. Gartner
sees no easy way out of this dilemma unless email providers have incentives to invest in solutions
to keep phishing emails from reaching consumers in the first place.
(TFOT 27FEB08)