Gartner: $3.2 billion lost to phishing attacks in one year

Victims of phishing scams in the United States lost $3.2 billion during a 12-month period ending in August, and the number of people on the receiving end of phishing emails has more than doubled over the past three years, according to a report from Gartner.

The annual survey, based on responses from 4,500 online adults, estimated that 124 million people saw phishing emails in their inboxes during the 12 months covered – more than doubling the 57 million email users targeted by the scams during 2004.

The average respondent received about 80 phishing emails during the survey period.

Written by Avivah Litan, Gartner vice president and research director, the report disclosed that 3.3 percent of scam recipients – or 3.6 million people – lost money because of the attacks, compared with 2.3 percent in last year's survey.

Although the Gartner survey paints a gloomy picture of growth in the volume and sophistication of phishing attacks, it does offer some hope to besieged consumers. The average dollar amount lost per incident declined to $886 this year, down from $1,244 lost on average in 2006.

Gartner attributed the decline in average dollar amount lost per incident to the increased use of fraud-detection systems.

Meanwhile, the amount recovered by victimized consumers has increased significantly. Gartner reported that 1.6 million adults recovered 65 percent of their losses during the latest survey period, compared with 54 percent recovered by 1.5 million phishing email recipients in 2006.

The improvement in loss-recovery was due in part to the declining use of payment tools that do not facilitate refunds, according to Gartner.

“Popular sites like eBay are doing a good job of warning consumers not to use final-payment mechanisms that make it impossible to recover losses,” Litan told  

The report also noted that phishing attacks most frequently try to compromise debit card accounts, which suffered from phishing scams more than credit card and PayPal accounts. The reason: anti-fraud defenses for debit cards tend to be weaker than those for credit cards.

Litan predicted that phishing attacks will continue to escalate through 2009, at which point up to one-third of malware is expected to be delivered to consumer desktops through online advertisements.

The report was highly critical of the capabilities of financial regulators to measure the damage from phishing. Working with data obtained by the University of California, Berkeley, in a Freedom of Information Act request to the FDIC (Federal Deposit Insurance Corporation), Gartner analyzed all bank-reported data on fraud between January 2005 and May 2007. Gartner branded the data provided by regulators as “spotty, unreliable and unstructured.”

“The data quality was so poor that it was impossible to draw any conclusions from it, other than the regulatory reporting on fraud attacks is severely lacking,” Litan stated in the report.
