Though relatively few European and
American internet banking users fall victim to phishing attacks,
the potential financial losses faced by banks remain substantial.
These costs could run to as much as $9.4 million annually per 1
million users if criminals abuse all compromised accounts.
This warning comes from US-based security
specialist Trusteer, which has just completed a study based on a
sample of more than 3 million customers from 10 large US and
European banks using its Rapport browser security service.
Key findings of Trusteer’s study were:
• 1.04 percent of bank customers click on
malicious links and are redirected to a phishing website;
• Each phishing attack compromises a very
small number of customer accounts (0.000564 percent), but due to
the large number of attacks, the aggregated number is significant;
• 0.47 percent of a bank’s customers divulge
their login details and other personal information on phishing
websites. If abused, the losses associated with these hijacked
credentials would range from between $2.4 million to $9.4 million
annually per one million online banking clients.
Trusteer noted in its study that although
there are a multitude of research findings and statistics on
phishing attacks, information on how successful they are, how many
users actually respond to them, and how many submit their login
details or other personal information to criminal websites has been
elusive. The reason, explained Trusteer, is that this information
is extremely hard to collect.
According to Trusteer, it has overcome this
problem by incorporating a plug-in with its Rapport product
offering that provides the ability to monitor phishing attacks
against the computers it protects. The plug-in can also prevent
users from trying to submit login information to phishing
Trusteer’s Rapport solution was this year’s
winner of Frost & Sullivan’s Innovation of the Year Award. The
product, highlighted the consultancy, is capable of defeating
browser-based attacks such as phishing, pharming,
man-in-the-browser, man-in-the-middle and session hijacking.