An annual study by Gartner will report that the number of consumers who were taken in by bogus online offerings increased by nearly 40 percent in 2007 over the previous year.An annual study by Gartner will report that the number of consumers who were taken in by bogus online offerings increased by nearly 40 percent in 2007 over the previous year.
Gartner vice president and research director Avivah Litan told SCmagazineUS.com that the report will reveal that 3.2 percent of adults in the United States who said they received phishing emails this year lost money as a result of these scams, compared with 2.3 percent of the total in 2006.
Industry analysts estimate that the overall cost to consumers of online fraud is approaching $3 billion for 2007, compared with $2 billion in losses reported last year, while more than three million consumers have been victimized. This upward trend is expected to continue as phishing expeditions get more sophisticated and security upgrades play catch-up.
The Gartner report comes on the heels of warnings from top industry security experts that online shopping scams likely will mushroom into a major threat during the holiday season. Christopher Rouland, chief technology officer at IBM Internet Security Systems, told the Associated Press this week that online shoppers should be particularly wary of highly discounted one-use coupons that they receive via email, which may redirect them to a copycat site whose purpose is to steal their credit card data.
According to Rouland, the quality of malware deployed in these phishing schemes is “very high.” IBM reported that the “phish trap” email addresses it controls, which number more than one million, discovered about 867,000 scams in the third quarter alone.
Litan noted that scammers have been refining the social engineering in their phishing schemes, using enticing coupons and bogus online advertising to reel in unsuspecting consumers.
“The technology (to protect consumers) exists, but it is not widely deployed. The issue is who is going to pay for it,” she said.
Major online payment players like PayPal are moving aggressively to institute digitally signed email protocols to protect their users from burgeoning phish scams, according to Litan.
“Ultimately, the best protection is for the buyer to beware,” she said.