Browser makers may have added new antiphishing features to their products in recent months, but the criminals are still gaining ground in their efforts to defraud U.S. consumers, according to the Gartner research firm.Phishers have hit more victims with their online attacks, and while fewer people are losing money to phishers, successful attempts have been yielding bigger payoffs, said Avivah Litan, vice president and distinguished analyst at Gartner. “When they do succeed, they’re stealing five times more than they stole last year.”The average loss per phishing attack was US$1,244 this year, Litan said, up from $256. Gartner estimates that the total financial losses attributable to phishing will total $2.8 billion this year.And users who are taken in by phishing scams are less likely to recover their money, Litan said. In 2005, 80 percent of victims got their money back. This year, that number dropped to 54 percent. Gartner estimates that 3.5 million Americans will give up sensitive information to phishers in 2006—up from an estimated 1.9 million last year.Although the recently released Internet Explorer 7 and Firefox 2.0 browsers came with new antiphishing features, Microsoft and Mozilla are still playing catch-up with the crooks. “It’s still too early to know how effective [these new antiphishing features] are, but certainly that technology is a couple of years too late,” Litan said.Phishing filters are not working because attackers are moving around their phishing websites and making it very difficult for antiphishing tools to tell the difference between a computer that is malicious and one that is simply unknown, she said. A year ago, the average life span of a phisher’s website was one week. Now it’s just a few hours. “In the next year or two it will probably be one server per e-mail,” Litan said. “They’re impossible to catch and take down.”Antiphishing expert Paul Laudanski agrees that these attacks are on the rise. Part of the problem, he says, is the fact that ISPs and the companies being spoofed by phishers are not doing all they could to share information and track down the criminals.Often companies are reluctant to share information for fear that it may lead to lawsuits, said Laudanski, owner of Computer Cops and the leader of the Phishing Incident Reporting and Termination squad project.“What we need, I believe, is free, open communication,” he said. “The criminals are working together in this, but it’s hard for us to work together.” By Robert McMillan, IDG News Service (San Francisco Bureau)Keep checking in at our Security Feed for updated news coverage. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe