Network News

X My Profile
View More Activity

Report: Phishers Hooking Fewer (But Fatter) Victims

First the good news: While the number of phishing attacks continues to increase, fewer victims report falling for the scams than a year ago.

The bad news: Those who did get hooked by a phishing e-mail lost a lot more than the average 2005 phishing victim, and had a harder time recovering that money to boot.

The findings come from a study released today by Gartner Inc., a report that includes data from some 5,000 adults who took the company's online survey in August. According to Gartner, the average loss per phishing victim nearly quintupled from $257 in 2005 to $1,244 in 2006.

Perhaps more importantly from the victims' perspective, the average percentage that victims were able to recover dropped from 80 percent in 2005 to about 54 percent in 2006. Gartner estimates that at least part of that shift is due to a change in tactics by the scam artists. While financial institutions remain the top targets of phishing attacks, fraudsters are using less-conventional or fictitious brands -- such as made up sweepstakes contests -- that have weaker or non-existent fraud controls, the report posits.

The top two targeted institutions from the Gartner survey results were eBay and PayPal, echoing similar findings this week in a study released by Phishtank, a community-based anti-phishing network.

Gartner said that bank and credit card company refunds to consumers who lose money because of phishing attacks are declining as a percentage of total refunds, while reimbursements from non-financial services companies such as PayPal and retailers, are growing. According to Phishtank, some 1,493 distinct scam sites impersonated PayPal in the month of October alone, with another 1,210 phishing sites targeting eBay.

As major financial institutions have embraced a variety of commercial anti-phishing technologies -- from site take-down services to back-end fraud detection -- many phishers have found it more expedient to expand the scam playing field. According to a recent report from the Anti-Phishing Working Group, phishing e-mails and Web sites targeted at least 148 different brands in August, up from just 84 in January.

"When we first started seeing phishing attacks a few years back people kept saying this was a problem that was going to die down, go away," said Gartner analyst Avivah Litan. "Instead what they're doing is becoming more elusive. Instead of just saying here, come give us your credit card number, they try to lure people with $250 gift cards at Target if they sign up for a sweepstakes right away. The problem is that unlike with the banks, victims have a much harder time getting their money back when they fall for these types of scams."

By Brian Krebs  |  November 9, 2006; 11:41 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: 'Supercerts' Aim to Highlight Legit Web Sites
Next: Microsoft to Issue Six Security Patches Next Week

No comments have been posted to this entry.

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company