Gartner: Phishing attacks up against U.S. consumers

There's been a spike in such scams in the past year

A new study by research firm Gartner Inc. found that the number of online scams known as "phishing" attacks has spiked in the past year and that online consumers are frequently tricked into divulging sensitive information to criminals.

The study, which ended last month, surveyed 5,000 adult Internet users and found that around 3% of them reported giving up financial data or other personal information after being drawn into phishing scams, which use e-mail messages and Web pages designed to look like correspondence from legitimate online businesses.

The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner said.

Phishing attacks typically begin with e-mail messages purporting to come from established companies such as eBay Inc., Best Buy Co., Citigroup Inc. and others. Web page links within the e-mail messages direct recipients to Web sites disguised as official company Web pages where the recipient is asked to enter personal information such as their Social Security number, account number, password or credit card information.

U.S. authorities and leading Internet service providers such as America Online Inc., EarthLink Inc. and Microsoft Corp. have taken an aggressive stance on the scams.

In March, the U.S. Department of Justice and the Federal Trade Commission moved to stop a phishing scam that had tricked hundreds of Internet users into giving credit card and bank account numbers to Web sites that looked like those of AOL and PayPal, which is part of eBay. The FTC charged Zachary Keith Hill of Houston with deceptive and unfair practices in that case, and the DOJ named Hill as a defendant in a criminal case it filed in Virginia.

Long a nuisance, phishing scams have exploded in the past year, Gartner said. The survey results suggest that 76% of all known or suspected phishing attacks occurred in the last six months, and 92% of known attacks happened in the 12 months preceding the study.

A success rate of 3% is more than enough to encourage further attacks, Gartner said.

ISPs need to address the phishing problem to prevent the Internet and e-mail from being discredited as a medium for customer transactions, the research firm said.

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon