E-MAIL A FRIEND
PRINTER FRIENDLY
SAVE ARTICLE
FOR REPRINTS
The results underline the persistent success of online social engineering tactics.
Losses resulting from phishing attacks hit in excess of $3.2 billion in 2007, in what has been a bumper year for the well-established and persistently successful social engineering fraud tactic.
According to analyst house Gartner, around 3.6 million US adults fell victim to phishing attacks in the 12 months ending August 2007, representing an increase of 64% on the same time period for 2006. Of those consumers who received phishing e-mails in 2007, 3.3% said that they consequently lost money, compared with the 2.3% who were defrauded in 2006, says Gartner.
PayPal and eBay continue to be the most-spoofed online sites, but phishing attacks increasingly adopt a range of guises, impersonating electronic greeting cards, charities and foreign businesses, says Gartner.
The results underline the persistent success of social engineering tactics, in which users are effectively ‘fooled’ into believing they are accessing a legitimate page – or performing a legitimate transaction – when they are in fact entering critical data into criminal data capture systems.
Most security experts agree that even the very best protection can be compromised by social engineering tactics, because online criminals – who are now highly organised, well-funded and technically expert – will always be able to outwit the user.
Research carried out by the Georgia Institute of Technology has found that just over 50% of consumers are unable to identify a phishing attack at first sight, but such skills do improve with practice.
Crucially, however, consumers were unable to apply the skills used to identify one type of phishing attack to another phishing attack, suggesting the ongoing success of phishing attacks is owed, in large part, to their increasing diversification across different types of online portals.
Further reading
Norwich Union fined for ID theft
Lord Erroll: HMRC breach a "godsend"
McAfee: Cyber-espionage resource drain
MI5: E-espionage resource drain
HMRC breach sparks finance fears
Find more stories in the Security & Continuity Briefing Room
