Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Gartner: Phishing Attacks Threaten E-Commerce

Phishing attacks are surging, according to a not-yet-published survey of American adults, and the trend is ominous, for phishing victims are nearly three times as likely to suffer some form of identity theft as those who haven't received an e-mail scam.

Gartner, which just completed a poll of over 5,000 U.S. adults who go online, noted that if it continues, phishing attacks will have a serious impact on e-commerce.

Phishing attacks typically start with an e-mail message purporting to be from a trusted source, such as bank, credit card company, or major retailer. A link within the message directs the recipient to a "spoofed" Web site that looks legitimate but is in fact bogus. There, the user is asked to update their account information by providing credit card and bank account numbers, billing address, Social Security number, or even a mother's maiden name. (The last is often used to verify someone's identity.) The purpose: to use the stolen info to purchase goods or hijack the account.

According to Avivah Litan, a research director with Gartner and the author of the study based on the survey, 57 million Americans have been, or think they have been, the victim of a phishing attack. (Thirty million were positive, while 27 million weren't sure.)

Out of that pool, an amazing number fell for the scams. Eleven million, or about 19 percent of those attacked, said that they'd clicked on the link in the phishing e-mail. More ominous for the banking and credit card industry -- the prime target of phishing -- and proof that crime pays, almost two million, or about three percent of those attacked, reported that they'd actually divulged sensitive information, like a credit card number, by filling in a form on the spoofed Web site the link them to.

  • 1