An estimated 3.6 million people in the United States lost money through phishing attacks between August 2006 and August 2007, according to new research from Gartner. That’s a considerable increase from the 2.3 billion who lost money through phishing the year before.The average dollar loss per incident declined from $1,244 in 2006 to $886 in 2007, but because there were more victims, more money was lost to phishing in 2007. In all, phishing attacks cost U.S. adults $3.2 billion in 2007, according to the study, which surveyed more than 4,500 online adults.Other findings include: * Thieves are increasingly stealing debit card and other bank account credentials to rob accounts. According to the survey, 47 percent of consumers who lost money to phishing attacks said they had used a debit or check card as the payment method when they lost money or had unauthorized charges made on their accounts. Thirty-two percent of respondents said they used a credit card as the payment method, and 24 percent used a bank account to pay. * The amount that consumers were able to recover increased. An estimated 1.6 million people recovered 64 percent of their losses in 2007, up from the 54 percent recovered by 1.5 million adults in 2006.Avivah Litan, a Gartner analyst, says the increase in monetary losses from phishing attacks is partially due to the fact that many consumers aren’t properly protecting themselves. Eleven percent of online adults say they don’t use security software (antivirus or anti-spyware products) on their desktops. Forty-five percent only use what they can get for free. Gartner says that although consumers need to be aware of phishing risks and protect themselves from attacks, e-mail providers, advertising web sites and other “infection point” providers need to take some responsibility, too. Providers need incentives to keep phishing e-mails from reaching consumers at all, and advertisers need to stop malware from being put on their websites.“Enterprises should at least protect their own brands from being used in phishing attacks by subscribing to an anti-phishing solution,” said Litan in a Gartner press release. “Similarly, companies should subscribe to anti-malware services that detect malware targeting the firm’s customers, and prevent it from spreading across consumer desktops.”Associate Staff Writer Katherine Walsh can be reached at kwalsh@cxo.com. —The comment field below does not work. Please send your feedback directly to the author. Related content news Google Chrome zero-day jumps onto CISA's known vulnerability list A serious security flaw in Google Chrome, which was discovered under active exploitation in the wild, is a new addition to the Cybersecurity and Infrastructure Agency’s Known Exploited vulnerabilities catalog. By Jon Gold Oct 03, 2023 3 mins Zero-day vulnerability brandpost The advantages and risks of large language models in the cloud Understanding the pros and cons of LLMs in the cloud is a step closer to optimized efficiency—but be mindful of security concerns along the way. By Daniel Prizmant, Senior Principal Researcher at Palo Alto Networks Oct 03, 2023 5 mins Cloud Security news Arm patches bugs in Mali GPUs that affect Android phones and Chromebooks The vulnerability with active exploitations allows local non-privileged users to access freed-up memory for staging new attacks. By Shweta Sharma Oct 03, 2023 3 mins Android Security Vulnerabilities news UK businesses face tightening cybersecurity budgets as incidents spike More than a quarter of UK organisations think their cybersecurity budget is inadequate to protect them from growing threats. By Michael Hill Oct 03, 2023 3 mins CSO and CISO Risk Management Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe