Phishing
is fastest growing form of consumer theft |
June 16 2004
by Matt Hines
Nearly
two million Americans duped last year…
Illegal access to bank accounts,
often gained via technology-borne schemes such as "phishing," has grown into the fastest growing form of consumer theft in
the US, according to Gartner.
Gartner's
numbers show roughly 1.98 million people reported their checking accounts were breached in some way during the last year.
Crimes such as phishing, whereby criminals use misleading email and websites to dupe individuals into sharing personal data
like passwords, accounted for a staggering $2.4bn in fraud, or an average of $1,200 per victim, during the last 12 months.
The
latest numbers confirm a report published by Gartner in May that highlighted the rapid growth of the phishing phenomenon.
In that study, the research company concluded 57 million consumers in the US
had received a phishing email during the prior year. One of the most common phishing campaigns being waged has targeted users
of web auction giant eBay and its PayPal payment-services division, with financial services giant Citibank serving as another
popular target.
Avivah Litan, the Gartner analyst
who conducted the new research, said phishing is not the only major security problem opening consumers to possible crimes.
The analyst believes that so-called
keystroke logging, or the practice of using spyware to record all the characters a computer user types into his machine, is
also growing rapidly. Security software company Webroot claims its own research shows that nearly one in every three PCs harbours
some kind of keystroke-logging software.
"There are great controls for other
types of fraud at the banks, and credit card companies are very good at keeping an eye out for improper behavior, but there
is no way to directly address phishing or keyboard logging as of yet," Litan said. "Someone needs to introduce the kind of
back-end software necessary for preventing this sort of activity; that would make a difference."
As the online banking, shopping
and payment industries have grown, so too have the methods used by thieves to trick unsuspecting consumers into giving away
password and account data. Those most often targeted are people who have just begun to utilise online accounts to do business.
Gartner reported that of the four million consumers who encountered fraud last year when opening a new online account, approximately
half said they also received a phishing email.
Gartner said that bank account
attacks ranked second only to physical credit card thefts in its study, which polled 5,000 people and was based on a 12-month
period ending in April 2004. The research examined five types of consumer fraud: new account fraud, check forgery, unauthorised
access to checking accounts, illegal credit card purchases and fraudulent cash advances on credit cards.
Litan said technology offers an
attractive vehicle for criminals, because it allows them to ply their illegal trades without ever encountering their victims
in person.
"The solution is in building stronger
consumer authentication tools, in order to help service providers like banks build tighter links with consumers," Litan said.
"We need Caller ID for the internet."
The analyst, who said she endured
her own brush with criminals when someone stole her personal information and used it to make purchases on a debit card, suggested
that a simple way for companies to create safer bonds with customers is to require that they answer multiple questions when
logging into a site.
In addition to phishing e-mail
campaigns, spyware launched via pop-up advertisements or Web sites also remains a serious threat. For instance, an Internet
surfer tricked into visiting a certain Web site laced with spyware, or software that gathers information about people without
their knowledge, can then have that person's password or verification information tracked and stolen.
Matt Hines writes for
CNET News.com