Report: Cost of phishing not so high

Online scams will snatch less money from consumers' pockets than analysts have estimated, a financial firm contends.

Monetary losses from "phishing" fraud may not be as high as some analysts have estimated, a financial consultancy firm is contending.

In a report released Wednesday, TowerGroup said phishing attacks this year will account for less than $150 million in consumer losses worldwide. The finding puts TowerGroup at odds with other researchers, who have put damages as high as $500 million.

"Phishing attacks can allow criminals to fraudulently obtain consumer data, but they do not commonly result in an actual fraud event, in which accounts are accessed or funds are stolen," Beth Robertson, senior analyst in the global payments research service at TowerGroup, said in a statement.

Phishing attacks attempt to scam consumers into going to fake e-commerce and financial sites as a way to convince the victims to give up sensitive information. TowerGroup predicted that the number of phishing attacks will almost triple to 86,000 in 2005.

But businesses, and not consumers, stand to lose the most from phishing, the financial firm maintained. For the most part, phishing attacks only succeed with a small number of online users and represent a nuisance--much as spam does--for the majority of consumers, the company said.

Phishing attacks lead online users to be more wary of e-commerce sites and e-mail communications, TowerGroup said. That could crimp business during the most lucrative quarter for online retailers, and companies whose brands are co-opted by scammers may have to deal with increased support calls and lost confidence in their brand, the firm said.

While their estimates of damages may differ, other researchers have also maintained that businesses stand to lose the most if e-commerce sites cannot figure out a way to deal with phishing.

Many e-commerce experts have warned consumers to be on the watch for fraudulent Web sites and phishing scams this holiday season.

The TowerGroup report maintains that phishing attacks are becoming more complex and generally include malicious software.