Modernizing Authentication — What It Takes to Transform Secure Access
The Stamford, Conn.-based research outfit found that perpetrators were gaining illegal access to checking accounts from such subtle tactics like ''phishing'', the act of e-mailing a user falsely claiming to be an legitimate business to dupe the user into providing private information that will be used for identity theft.
That information, which often includes names, addresses, social security numbers and -- perhaps most damaging -- credit card data, cost 1.98 million online users some $1,200 apiece, said report author Avivah Litan, vice president and research director at Gartner, in a company statement.
As much as half of the $2.4 billion in fraud came from phishing, Litan said in an earlier report, which also estimated that 57 million Americans have received a phished e-mail in the past year.https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=i Litan, who culled her latest data by surveying 5,000 online U.S. adults in April 2004, said illegal access to checking accounts is proliferating, with thieves finding a goldmine of victims to scam through online channels. Unauthorized access to checking accounts, grew the fastest in the past year.
Methods rarely involve face-to-face encounters anymore, she said, noting that passwords were pilfered to help perps access accounts online or through telephone banking services.
For example, the analyst said that by merely clicking a pop-up ad, Web users unknowingly download spyware, technology that ''spies'' on users' information without their knowledge. Spyware traps IDs and passwords for users' online bank accounts without their knowledge.
In one major 2003 phishing scam, users received e-mails purporting to be from eBay and/or its subsidiary PayPal claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had.
In another ploy that aped Best Buy's e-commerce operations, users received e-mails from supposed employees of the retail giant who warned of possible fraudulent activity occurring on their account. The e-mail urged users to enter personal identification, such as social security numbers and passwords, in order to verify account activity.
Phishing become a hot enough topic for the Federal Bureau of Investigation to track last year. In April, research group MessageLabs said phishing leaped 1,200 percent in the last six months.