Good news: 'Phishing' scams net <i>only</i> $500 million

Three-quarters of wired Americans have noticed an increase in phishing incidents during the past few months, according to new data.

CNET News staff
2 min read
The online cons known as "phishing" have cost U.S. consumers $500 million, according to a study released Wednesday.

In addition, the study found that three-quarters of wired Americans have noticed an increase in phishing incidents during the past few months, with one-third saying they've receiving e-mails sent under fraudulent pretenses at least once a week. The study, sponsored by Truste, a nonprofit privacy group, and NACHA, an electronic payments association, surveyed 1,335 Internet users across the United States.

Phishing scams use e-mails that appears to come from trusted companies to lure people to bogus Web sites, where they're asked to divulge sensitive personal information, such as credit card data. Attacks frequently target bank customers, but recent scams have sought out users of Gmail and Amazon.com.

While the consensus is that attacks are on the upswing, there are disagreements about the severity of the damage. Truste arrived at the $500 million figure by applying the survey's $115 average loss per victim to the general Internet population, spokeswoman Carolyn Hodge said. The tally is for all phishing fraud to date, she said. That finding differs from a Gartner study released in June, which calculated that a whopping $2.4 billion was lost to phishing fraud in a 12 month-period.

At least 70 percent of respondents to the survey, which was conducted by the Ponemon Institute, an Arizona think tank, said they had visited a spoofed Web site. About 15 percent of those people said they had parted with private data such as credit card numbers, checking account information and social security numbers.

A little more than 2 percent of all the people surveyed said they had lost money, in most cases within two weeks of being phished.

Ponemon and Truste said they would approach the Anti-Phishing Working Group, a Washington, D.C.-based trade association, with a call to run a consumer education campaign against such scams.

"As we become more educated on the problem, organizations will be better equipped to develop strategies to address these issues," Larry Ponemon, the institute's founder, said in a statement.

Almost all participants in the survey wanted companies to put in place new technologies to help authenticate e-mail and Web sites.

Antivirus company McAfee said that updates to its spam prevention service and personal firewall software, released Tuesday, will help people combat the problem.