ECommerceTimes.com
Gartner: Phishing on the Rise


If the incidence of phishing keeps increasing, it could have a devastating effect on consumer confidence. In her report, Gartner analyst Avivah Litan wrote, "Eventually, all participants in Internet commerce will be hurt by diminished consumer trust in online transactions."



In a recent report, Gartner (NYSE: IT) estimated that 57 million U.S. adults received a "phishing" attack e-mail within the past year, and half of those who responded became victims of identity theft.

Phishing is a tactic used to get credit card information from consumers who believe they are visiting legitimate bank and credit card sites. Usually accomplished through use of pop-up windows that piggyback on real sites, phishing has been on the scene for some time, but recent attacks have underscored how easily attackers can get hold of personal information.

Based on the representative sample in its April survey, Gartner believes nearly 11 million people, or 19 percent of the 57 million who received a phishing attack e-mail, clicked on a link in that e-mail. Of those, 1.78 million, or 3 percent, remember giving phishers sensitive financial or personal information, such as credit card numbers or billing addresses.

Although the report's numbers are frightening, Gartner analyst Avivah Litan, the report's author, told the E-Commerce Times that the reality is probably even worse. "I imagine that the numbers are even higher, because there are probably people who haven't even realized that they were part of an attack," Litan said.

According to Gartner, direct losses from identity-theft fraud against phishing attack victims cost U.S. banks and credit card issuers about US$1.2 billion last year.

From Bad to Worse

In November and December 2003, phishing attacks vaulted into the spotlight when Visa was targeted. E-mail recipients were asked to confirm their identities as part of a new security system, and they seemed to be directed to the company's legitimate site. When users clicked on the link, however, they were sent to a site that looked like Visa's but did not belong to the company.

At the time, e-mail security company Tumbleweed Communications, which runs the Anti-Phishing Working Group, noted that such attacks were up 400 percent during the holiday season. Since then, the problem has gotten worse.

Dave Jevans, chairman of the Anti-Phishing Working Group, told the E-Commerce Times that he is not surprised by Gartner's numbers because they are consistent with those seen by the working group as well.

"It's absolutely growing worse," he said. "In our numbers for March, there was a 40 percent increase in attacks over February. And it does not look like it is stopping anytime soon."

Getting Organized

Unlike spammers and hackers, who tend to be either individuals or small groups, phishers are a whole different breed.

Litan said many drug lords are getting into identity theft, and it has been noted that organized-crime figures in different parts of the globe are keenly interested in phishing. The FBI and Secret Service have been putting more effort into investigating phishing rings, Jevans said, because the money may be going to fund terrorist activities.

Worse, launching attacks is now easier than ever. Software is available that makes such attacks easy to develop and run.

"Once you have the software in the system, you basically just pick a target," Jevans said.

Losing Battle?

If the incidence of phishing keeps increasing, it could have a devastating effect on consumer confidence. In her report, Litan wrote, "Eventually, all participants in Internet commerce will be hurt by diminished consumer trust in online transactions."

There are ways to stem the tide of attacks, she said, in both the immediate future and the long term. For example, stronger authentication on the Internet would go far in stopping attacks.

"The days of just asking for a password are coming to an end," she said. "Passwords are ridiculously easy to break."

Some vendors, like Brightmail, also are making anti-phishing solutions that show promise.

Weakest Link

Without high-powered tools available to fight phishing, it is unlikely that the practice will come to an end.

That is because phishers rely on credulous Internet users -- and John Movina, spokesperson for the Coalition Against Unsolicited Email (CAUCE), told the E-Commerce Times that there are more than enough of those to keep identity-theft rings going strong.

"I'm still continually surprised at how much people believe the stuff that comes into their e-mail inbox," he said. Even when warned that giving out personal information and financial data is dangerous, people will still do it, he added.

"Not to be too insulting to my fellow Internet users, but these types of models like phishing depend on people not being smart," Movina said. "And they're working. It's like the P.T. Barnum business model, with a sucker born every minute."



More by Elizabeth Millard
