Analyst: Online ID fraud is hyped; real problem is off-line
One in 25 Americans were affected by all forms of ID fraud last year
Computerworld - Despite incidents such as the $22 million in losses suffered by E-Trade Financial Corp. and TD Ameritrade Holding Corp. from online identity fraudsters, the problem of online identity theft is vastly hyped when compared with its more prevalent off-line equivalent, according to one analyst group.
The two leading online stock brokerages have admitted in recent days that overseas hackers used software to steal personal customer data to access and create trading accounts as part of a stock-fraud scheme.
While keylogging software, phishing e-mails that impersonate official bank messages and hackers who break into customer databases may dominate headlines, more than 90% of identity fraud starts off conventionally, with stolen bank statements, misplaced passwords or other similar means, according to Javelin Strategy & Research.
"An insignificant portion of identity fraud actually starts with the Internet," said James Van Dyke, president of Javelin, who pointed out that many firms still rely on simple security questions such as one's mother's maiden name. "The Internet always grabs the headlines, but it is individuals who are close to the victims, such as family and friends, that are doing most of it," he said.
The Pleasanton, Calif.-based research firm has polled 5,000 consumers by telephone for the past three years. Extrapolating from that sample, Javelin estimates that identity fraud in all its forms resulted in $56.6 billion in losses last year.
While fraudsters often use the Internet to access existing bank, phone or brokerage accounts or to create new ones using stolen details, in only one out of 10 of those incidents did the actual theft of the personal data take place through e-mail or the Web or somewhere else on the Internet, according to Javelin. "No matter how you slice the data, it's really hard to arrive at a scenario where the Internet could be the source of the majority of identity fraud," Van Dyke said.
All told, 4% of Americans were affected by identity fraud in 2005, a statistic that is slowly shrinking, though the value of each fraud incident is growing, Van Dyke said. The total losses attributed to identity fraud has held steady the past three years.
Bank customers in the U.S. are not the most frequent targets of the most common form of online identity theft, phishing attacks. Statistics from antimalware vendor McAfee Inc. show that more than half of all recent phishing attacks involved e-mails from a sender masquerading as VolksBank, a German bank, with another quarter targeting customers of U.K. bank Barclays PLC.
EBay Inc., through its namesake auction site as well as its PayPal financial site, is impersonated in phishing e-mails 14% of the time. Fraudulent e-mails purport to be from Bank of America Corp. and Nationwide Bank 3% and 1.5% of the time, respectively.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts