Feb 9, 2010
  • Research and Analysis on Digital Marketing and Media
  • Objective Analysis of Internet Market Trends
  • Data from Over 4,000 Worldwide Sources


Print  |  E-Mail  |  RSS  |  More Articles   

Beware the Hooks: Phishing Has Doubled

NOVEMBER 14, 2006

Phishers are now lining up on the banks of the Internet stream — and they don't play catch-and-release.

FBLI
Share

According to new survey from Gartner Research, the number of US adults that are certain — or as least believe — that they have received phishing e-mails has nearly doubled in the past two years.

US Adult Internet Users Who Have Received a Phishing E-Mail, 2004 & 2006 (millions)

Approximately 109 million US adults received phishing e-mails in 2006, up from 57 million in 2004.

In addition, not only is volume up, but more to the point, phishing works. Financial losses stemming from phishing attacks rose to more than $2.8 billion in 2006.

The good news, if there is any, is that this year, overall, fewer people say they lost money to phishers. Unfortunately, when they did lose, they lost more. In two years, the average loss per victim grew from $257 to $1,244.

Average Loss per US Victim of a Phishing Attack, 2004 & 2006

"The average loss per victim nearly quintupled between 2005 and 2006," said Gartner analyst Avivah Litan. "And the thieves seem to be targeting higher-income earners who are also more likely to transact on the Internet."

Money lost to phishing is also staying lost. The average amount of money consumers recovered from phishing attacks in 2005 was 80%, but in 2006, recovery amounts dropped to 54%.

Average Percent of Money Lost due to a Phishing Attack that US Adult Internet Users Recovered, 2004 & 2006

Much of that drop is due to changing tactics on the behalf of phishers. Phishing e-mails are impersonating banks less often, and other brands, such as PayPal and eBay, more.

"Cyber-criminals are starting to shift away from attacking online banks directly, and they are leveraging less conventional brands and/or using hard to detect social engineering methods to reap financial gains," said Ms. Litan. "Countermeasures such as phishing detection and take-down services deployed by banks, Internet service providers (ISPs) and others are obviously not sufficiently widespread or effective."

Of course, phishing would not work if users did not click. But, unfortunately, users are clicking, a lot. According to Gartner, an estimated 24.4 million Americans clicked on phishing e-mails in 2006, up from approximately 11.9 million in 2005.

US Adult Internet Users Who Have Clicked on a Phishing E-Mail, 2005 & 2006 (millions)

In addition, 3.5 million users gave sensitive information to the phishers in 2006, up from 1.9 million in 2005.

US Adult Internet Users Who Have Given Sensitive Information to Phishers, 2005 & 2006 (millions)

Everybody may not be phishing. But enough people are to make it a very profitable scam.

For more on this topic, read eMarketer's Online Privacy and Security: The Fear Factor report. 

Get more articles like this one delivered every day.
Click here for the eMarketer Daily newsletter.

Access More Articles Read More Articles     Email Article E-Mail This Article     Print Article Print
Subscribe to RSS Feed RSS Feed     Share
Add eMarketer to your Google Toolbar Add eMarketer to Google Toolbar
eMarketer Total Access Subscription
See how leading marketers use eMarketer to develop successful new digital marketing and media strategies. Get Total Access.

Advertisement

Advertisement

Follow eMarketer on Twitter