• United States



Numbers: Monetary Loss From Phishing Attacks on the Rise

Jan 02, 20082 mins
Build AutomationCSO and CISO

An estimated 3.6 million people in the United States lost money through phishing attacks between August 2006 and August 2007, according to new research from Gartner. That’s a considerable increase from the 2.3 billion who lost money through phishing the year before.

The average dollar loss per incident declined from $1,244 in 2006 to $886 in 2007, but because there were more victims, more money was lost to phishing in 2007. In all, phishing attacks cost U.S. adults $3.2 billion in 2007, according to the study, which surveyed more than 4,500 online adults.

Other findings include:

* Thieves are increasingly stealing debit card and other bank account credentials to rob accounts. According to the survey, 47 percent of consumers who lost money to phishing attacks said they had used a debit or check card as the payment method when they lost money or had unauthorized charges made on their accounts. Thirty-two percent of respondents said they used a credit card as the payment method, and 24 percent used a bank account to pay.

* The amount that consumers were able to recover increased. An estimated 1.6 million people recovered 64 percent of their losses in 2007, up from the 54 percent recovered by 1.5 million adults in 2006.

Avivah Litan, a Gartner analyst, says the increase in monetary losses from phishing attacks is partially due to the fact that many consumers aren’t properly protecting themselves. Eleven percent of online adults say they don’t use security software (antivirus or anti-spyware products) on their desktops. Forty-five percent only use what they can get for free.

Gartner says that although consumers need to be aware of phishing risks and protect themselves from attacks, e-mail providers, advertising web sites and other “infection point” providers need to take some responsibility, too. Providers need incentives to keep phishing e-mails from reaching consumers at all, and advertisers need to stop malware from being put on their websites.

“Enterprises should at least protect their own brands from being used in phishing attacks by subscribing to an anti-phishing solution,” said Litan in a Gartner press release. “Similarly, companies should subscribe to anti-malware services that detect malware targeting the firm’s customers, and prevent it from spreading across consumer desktops.”

Associate Staff Writer Katherine Walsh can be reached at

The comment field below does not work. Please send your feedback directly to the author.