RealTime IT News

ID Theft Costs Victims $2.4B in One Year

Nearly two million adults fell prey to identity theft scams over a one-year period, costing them about $2.4 billion in losses from fraud, according to new research from Gartner .

The Stamford, Conn.-based research outfit found that perpetrators were gaining illegal access to checking accounts from such subtle tactics as "phishing," the act of e-mailing a user falsely claiming to be an legitimate business to dupe the user into providing private information that will be used for identity theft.

That information, which often includes names, addresses, social security numbers and -- perhaps most damaging -- credit card data, cost 1.98 million online users some $1,200 apiece, said report author Avivah Litan, vice president and research director at Gartner, in a company statement.

As much as half of the $2.4 billion in fraud came from phishing, Litan said in an earlier report, which also estimated that 57 million Americans have received a phished e-mail in the past year.

Litan, who culled her latest data by surveying 5,000 online U.S. adults in April 2004, said illegal access to checking accounts is proliferating, with thieves finding a goldmine of victims to scam through online channels. Unauthorized access to checking accounts, grew the fastest in the past year.

Methods rarely involve face-to-face encounters anymore, she said, noting that passwords were pilfered to help perps access accounts online or through telephone banking services.

For example, the analyst said that by merely clicking a pop-up ad, Web users unknowingly download spyware, technology that "spies" on users' information without their knowledge. Spyware traps IDs and passwords for users' online bank accounts without their knowledge.

In one major 2003 phishing scam, users received e-mails purporting to be from eBay and/or its subsidiary PayPal claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had.

In another ploy that aped Best Buy's e-commerce operations, users received e-mails from supposed employees of the retail giant who warned of possible fraudulent activity occurring on their account. The e-mail urged users to enter personal identification, such as social security numbers and passwords, in order to verify account activity.

Phishing become a hot enough topic for the Federal Bureau of Investigation to track last year. In April, research group MessageLabs said phishing leaped 1,200 percent in the last six months.

Now, Litan is calling for those in the financial services industry to write back-end tools that protect consumers from identity theft and other online crimes. This will take time, but in the interim, "banks must implement stronger access controls to online and telephone banking systems."

The analyst endorsed shared-secret authentication as one good remedy to stave off those with malicious intent. In this method, a consumer might select a topic, such as "favorite restaurant," and enter an answer that is shared with a service provider either when the consumer registers on its site or when the provider sends an e-mail to the consumer.

Some community sites, such as Yahoo!, already use this shared secret method. Installing photographs in a consumer's profile that is stored in a company's database may work, too, she said. But these are stop-gap moves.

"In the longer term, banks need more effective tools to detect fraud and stop checking accounts from being hijacked," Litan said in a statement.