The Cost of Phishing Hits $1.2 Billion

E-mail spoofing or “phishing” is becoming extremely expensive for the enterprise, according to a new Gartner Research study.

The report issued Thursday said the bogus attempts at getting passwords, credit card information and other personal data cost $1.2 billion in damage to U.S. Banks and credit card issuers last year. The practice is also getting more aggressive. An estimated 57 million American have received a phished e-mail in the same time period, according to the study with 76 percent of the attacks have occurred in the last 6 months.

“Eventually, all participants in Internet commerce will be hurt by an erosion of consumer trust in online transactions if phishing attacks are not sharply reduced from current levels,” said Avivah Litan, vice president and research director at Gartner in a statement.

Security and anti-fraud company Cyota also issued a report on phishing this week where they survey 650 individuals. The Cyota study noted a decreasing lack of confidence in e-mail correspondence due to phishing e-mail attacks. According to Cyota 75 percent of respondents were less likely to respond to e-mail communications from their bank and 65 percent were less likely to sign up for new online banking services. Phishing attacks also affected confidence online shopping, as 74 percent of respondant said they were less likely to shop online because of phishing.

Recent studies from Message Labs and The Anti-Phishing Working Group (APWG), showed dramatic increases in the amount of phishing attacks. Message Labs reported 337,050 phished e-mails across its network in January of 2004 alone. APWG believes the numbers to be significantly larger and may number in the hundreds of millions of phished e-mails per month.

E-mail quality in general continues to decline, Gartner said. Message Labs reported this week that 82 percent of all e-mail entering its system is spam, setting a new record.

Analysts said unfortunately the social engineering of phishing is winning out. An estimated 19 percent of U.S adult Internet users trusted enough to actually click on a link in the phishing e-mail and 3 percent reported actually entering sensitive personal or financial information.

The Gartner survey was based on a limited study of only 5,000 individuals.