At the end of 2008, we reported in this blog post that industry predictions suggested that 2009 could be a record year for identity theft. The unfortunate reality is that the reports released thus far this year appear to be supporting this trend, specifically in the realm of a form of identity fraud commonly known as “phishing”.

In a phishing attack, a criminal obtains secure information such as credit card numbers, usernames or passwords from an unsuspecting victim. The fraudulent scheme is usually carried out through an email sent to an individual which appears to be from a legitimate, trusted business, typically containing a link to a phony website that requests the victim to provide identifying information.

The latest evidence that recent economic woes are leaving more Americans vulnerable to Internet fraud came from reports from security software maker Symantec, internet security firm Cyveillance, and from IT research and advisory company Gartner, Inc. All three independent reports suggest that phishing attacks are on the rise, and fraudsters are getting more savvy.

In their report released April 14, the Gartner report estimates that more than 5 million U.S. consumers experienced financial loss to phishing attacks from the period of September 2007 to September 2008 – a 40% jump from the estimated number of victims in the same period the prior year. Although the number of consumers who lost money to phishing attacks increased in 2008, average losses decreased 60% over the previous year, to roughly $350 per incident. According to the study, victims were able to recover 56% of their losses, with most of the costs from fraud incidents absorbed by financial service providers.

It appears that the economic downturn has stimulated this new wave of internet scams, with PayPal, eBay, and Bank of America customers the biggest targets for the fraud. According to Gartner vice president Avivah Litan, victims are losing less money per incident now because “criminals have changed their tactics and are now pursuing a higher volume of lower-value attacks to evade banks’ fraud detection systems”.

Internet security mogul Symantec  studied data from more than 200 million personal computers with their antivirus software installed, 200 million email accounts set up specifically for spam collection, and data from large corporations that utilize their software. Symantec’s study results indicated that the number of phishing websites in cyberspace had increased a whopping 66% over the previous year. Of the phishing emails studied, over 75% of them were related to banking services, such as loans or home refinancing. Other interesting facts from the Symantec study:

• Demand and prices have leveled off for stolen private information such as social security numbers, credit card information, etc.

• Stolen credit card numbers are being bought for as little as 6 cents a piece (when bought in high volume) or up to $30 for small orders.

• Price for access to hijacked email accounts ranges from 10 cents to $100.

• Banking account information brings in $10-$1000.

• Web hosting for scam websites can pay from $3 to $40 weekly.

Clearly, the war on phishing and cyber fraud is far from over. In the interim, there are a number of safeguards you can implement to combat phishing, including e-mail blocking, safe browser surfing features and checking Web site authentication to determine legitimate sites.

No related posts.