Phishing attacks by hackers against online consumers have become so widespread that an estimated 57 million Americans may have received these fraudulent e-mails, according to a new study released by Gartner Inc. Gartner says direct losses from identity theft fraud against phishing attack victims cost U.S. banks and credit card issuers about US$1.2 billion last year.
Based on survey responses from 5,000 adult Internet users, Gartner analysts project that approximately 30 million adult Internet users believe that they have definitely experienced a phishing attack, and another 27 million believe that they have observed what looked like a phishing attack.
Gartner notes that phishing attacks are not new, but they have become more pervasive in the past 12 months. According to the Gartner survey, 76 percent of the known or suspected attacks occurred within the past six months (since October 2003), and another 16 percent occurred during the six months before then. Thus the combined results suggest that 92 percent of these phishing attacks took place in the past year.
"Financial institutions, Internet service providers, and other service providers must take phishing seriously," says Avivah Litan, vice-president and research director at Gartner. "These service providers should take action to apply solutions that dramatically minimize, if not eradicate, the threat, even if the service providers themselves are not direct targets. Eventually, all participants in Internet commerce will be hurt by an erosion of consumer trust in online transactions, if phishing attacks are not sharply reduced from current levels."
According to Gartner, phishing occurs when a cyber thief sends an e-mail that contains a link to a fraudulent Web site where the users are asked to provide personal account information. The e-mail and Web site, says the research group, are typically disguised to appear to recipients as though they are from a trusted service provider, financial institution or online merchant.
The Gartner survey, completed in April, indicated a high rate of success for phishers. Based on survey data, Gartner estimates that about 19 percent of those attacked, or nearly 11 million U.S. adult Internet users, have clicked on the link in a phishing attack e-mail. Moreover, it says, 3 percent of those attacked, or an estimated 1.78 million adults, report giving phishers their financial or personal information.
The data indicate that "phishing attack victims are almost three times as prone to identity-theft- related fraud as other online consumers," Litan says. "Anyway you look at it the crooks are achieving their goals with the execution of phishing attacks. Service providers have no choice but to combat these fraudulent e-mails if networked computing is to become more trusted as a favored channel for customer transactions," he concludes.