Phishers chase the well-heeled

In the past year, individuals who earn more than $100,000 per year received an average of 112 phishing e-mails, the research firm said in the report released Thursday. For users in all income brackets, the figure was 74 phishing e-mails. Such messages appear to come from trusted sources but contain links to Web sites, such as fake banking sites, that try to trick people into handing over sensitive information.

While high-income users tended to click on bogus links less than others, their losses were greater when they were duped, the study noted. They lost an average of $4,362 per incident--four times higher than people in other income categories.

"While we can't say phishers were targeting these people, we can say they did get more phishing e-mail than others," Gartner analyst Avivah Litan said. "It could be because of the lists they are on, which phishers find attractive. I've seen lists (on the Internet) where people are advertising platinum card holders' information."

The Gartner report said 109 million U.S. adults were subjected to phishing e-mails this year, up from 79 million last year and nearly double the level two years ago.

The average loss per person swelled to $1,244 per victim this year, up from $257 last year. Making matters worse is that the amount recovered this year dropped to an average of 54 percent of the loss, compared with 80 percent last year.

"Criminals are getting craftier, and many of the 'plain vanilla' attacks that would be done on banks are going away more and more," Litan said. "They're launching sweepstakes, lottery and gift card phishing attacks, where recovery is more difficult."

Looking at the future of phishing, Litan said she would not be surprised to see attackers begin to set up a single site to launch their attack against a single user and then shut it down. Phishers, for example, are maintaining their sites on average for about an hour, whereas a couple of years ago the sites would stay up for about a week.