Report offers an interesting look at live Phishing attacks
by Steve Ragan - Dec 8 2009, 16:20Phishing is almost as common as Spam. The emails ask for information of all types, report to come from all kinds of businesses, are mostly used for information gathering, and more often than not, target financial institutions. Trusteer measured the effectiveness of Phishing attacks for one year, and the results are not what you would expect.
According to Trusteer’s data, which was compiled after measuring live Phishing attacks from their Rapport browser plug-in, the criminals who launch Phishing attacks only snag a small percentage of victims. However, the payoff is huge, to the tune of 2.4-9.4 Million dollars in annual losses by the banks.
Using the data as an example, Trusteer said that each Phishing attack compromised only 0.000564-percent of customers. At the same time, 45-percent of customers who were directed to a Phishing page handed over their personal information as asked. As mentioned, less than one percent (0.47) of customers will fall victim to Phishing, but those that do run up an impressive tab.
“Since the vast majority of Phishing attacks are blocked by server-based anti-spam and e-mail/browser Phishing filters, we decided to focus our research only on malicious messages that were delivered and were acted upon by the victims,” said Amit Klein, CTO of Trusteer and head of the company’s research organization.
“While the fact that nearly half of the victims were tricked into giving up their online banking credentials was surprising, the aggregate value of the financial losses created by only half of one percent of a bank’s customers is staggering.”
Trusteer collected their data over three months, while analyzing Phishing events from 10 large banks across Europe and the US. Over this period they noted that each financial operation was targeted by 16 Phishing websites a week, which equated to more than 800 per year. When compared to the data from the Anti-Phishing Group, Trusteer said that just 1 out of 2.7 Phishing domains actually reached their mark.
If you want to see the report, you can view it here.
Comment on this Story