More consumers were victims of phishing attacks in 2008 — a 39.8 percent increase from a year earlier — but the average amount lost decreased, according to a survey conducted by technology research company Gartner.
Phishing is a form of identify fraud where a criminal acquires secure information — such as credit card numbers, usernames, or passwords — by pretending to be a person or company that the holder of sensitive information trusts. Phishing usually occurs when a cybercriminal sends a user an e-mail with a link to a phony website that asks users to reveal identifying information.
The Gartner study — which included data gathered between September 2007 and September 2008 — indicated that more than 5 million American consumers lost money in 2008 to phishing attacks, but the average losses among consumers decreased 60 percent to $351 per incident. In addition, consumers recovered 56 percent of their losses, with most of the costs from fraud incidents absorbed by financial service providers.
Avivah Litan, vice president and analyst at Gartner, said several measures help combat phishing, including e-mail blocking, safe browser surfing features and checking website authentication to determine legitimate sites. But he warned that “the war against phishing is far from over.”
The survey also recommended that enterprises that service accounts should provide their customers with site authentication tools and secure e-mail gateways to help them best guard against phishing attacks. According to Litan, no one solution guarantees safety, and that the best security practices call for layers of anti-phishing tools.