Phishing attacks forecast to nearly triple next year
This may be the season to be jolly, but consumers and businesses can expect their worst fears about phishing and other online scams to come true.
Phishing attacks are expected to almost triple in number over the next 12 months, as organised crime rings expand their areas of activity and push more sophisticated fraud schemes over the internet.
Multinational research and consulting firm TowerGroup predicted the number of phishing attacks next year would rise to more than 86,000 worldwide, from about 31,000 this year.
'Direct fraud losses attributable to phishing are expected to total U$137.1 million globally in 2004,' said Beth Robertson, senior analyst in the Global Payments research service at TowerGroup.
Relatively unknown a year ago, phishing has exploded in both frequency and media attention to become one of the most urgent threats to online financial services worldwide.
Phishing is an attempt by a third party to solicit confidential information from an individual or organisation, mostly for financial gain. Perpetrators attempt to trick users into disclosing credit card numbers, online banking information or other sensitive data that is then used to commit fraudulent acts.
A multifaceted security threat, phishing is being conducted through e-mail, spam, spyware and hybrid, mass-mailing virus attacks called 'blended threats'. Typical phishing attacks use 'spoofed' e-mails and fraudulent websites designed to fool recipients into divulging personal financial data.
'Ultimately, the total cost of managing this growing menace will be far greater than the cost of direct fraud,' said George Tubin, senior analyst in TowerGroup's Delivery Channels research practice.
'One of the greatest liabilities is the potential loss of customer confidence in the internet as a channel for provisioning financial services, not to mention loss of trust in financial institutions themselves.'
In Hong Kong, HSBC recently made a series of changes to its online banking service to protect customer accounts after discovering that a dozen HSBC customers had lost more than $660,000 due to phishing.
Eleven suspected members of a syndicate linked to Eastern European crime organisations have been arrested.
TowerGroup said the phishing phenomenon would probably spread swiftly to customers of smaller financial institutions, new merchant/service-provider categories and new global markets.
Rami Habal, phishing expert for US-based messaging security specialist Proofpoint, said: 'The holidays are an especially dangerous period for consumers and employees, because the increased volume of legitimate commercial e-mail provides additional 'cover' for the fraudulent e-mail, making it easier to deceive people into giving away their personal information.'
How not to get caught in the Net
Be aware. View with suspicion any e-mail with an urgent request for personal identifying information, personal financial information, user names or passwords. Your bank, online services or legitimate e-commerce sites are unlikely to ask you for this type of information via e-mail.
Be secure. When shopping online, entering information such as credit card numbers, or updating personal information, make sure you're using a secure website. If you are on a secure Web server, the address will begin with https:// instead of http://.
Keep an eye on your accounts. Check your credit card and bank statements regularly, especially during holiday seasons. If you see anything suspicious, contact the financial institution immediately.
Source: Proofpoint
