Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining
ground in their efforts to defraud U.S. consumers, according to the Gartner Inc. research firm.
Phishers have hit more victims with their online attacks, and while fewer people are losing money to phishers, successful
attempts have been yielding bigger payoffs, said Avivah Litan, vice president and distinguished analyst at Gartner. "When
they do succeeded, they're stealing five times more than they stole last year."
The average loss per phishing attack was US$1,244 this year, Litan said, up from $256. Gartner estimates that the total financial
losses attributable to phishing will total $2.8 billion this year.
And users who are taken in by phishing scams are less likely to recover their money, Litan said. In 2005, 80 percent of victims
got their money back. This year, that number dropped to 54 percent.
Gartner estimates that 3.5 million Americans will give up sensitive information to phishers in 2006 -- up from an estimated
1.9 million last year.
Although the recently released Internet Explorer 7 and Firefox 2.0 browsers came with new antiphishing features, Microsoft
Corp. and Mozilla Corp. are still playing catch-up with the crooks.
"It's still too early to know how effective [these new antiphishing features] are, but certainly that technology is a couple
of years too late," Litan said.
Phishing filters are not working because attackers are moving around their phishing Web sites and making it very difficult
for antiphishing tools to tell the difference between a computer that is malicious and one that is simply unknown, she said.
A year ago, the average lifespan of a phisher's Web site was one week. Now it's just a few hours. "In the next year or two
it will probably be one server per e-mail," Litan said. "They're impossible to catch and take down."
Antiphishing expert Paul Laudanski agrees that these attacks are on the rise. Part of the problem, he says, is the fact that
Internet service providers and the companies being spoofed by phishers are not doing all they could to share information and
track down the criminals.
Often companies are reluctant to share information for fear that it may lead to lawsuits, said Laudanski, owner of Computer
Cops LLC and the leader of the Phishing Incident Reporting and Termination squad project.
"What we need, I believe, is free, open communication," he said. "The criminals are working together in this, but it's hard
for us to work together."
E-mail
Printer Friendly
Reprints
(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...
