Annual Phishing Losses up to $9.40 for Each Online Banking Customer

Trusteer Reports that Half of Online Banking Users Who Click on Phishing E-mails Lose their Login Credentials



Annual Phishing Related Losses Estimated to be as High as $9.4M per Million Customers



NEW YORK--(BUSINESS WIRE)--Trusteer, the customer protection company for online businesses, reported today that while only a small number online banking customers visit phishing sites each year (1.04 percent), about half of those victims (0.47 percent) divulge their login credentials to these fraudulent websites impersonating the bank. Based on the sheer volume of these attacks, losses attributed to phishing could cost banks as much as $9.4M annually per 1 million users if criminals abuse all of the stolen accounts. These findings are based on a sample of more than 3 million users of the Rapport browser security service, who are customers of 10 large US and European banks.



Although there are a multitude of research findings and statistics on phishing attacks, information on how successful they are, how many users actually respond to them, and how many submit their login credentials or other personal information to criminal websites has been elusive. The reason is simple – this information is extremely hard to collect. The Trusteer platform provides a unique view into the success and failure rates of phishing attacks via its Rapport plug-in, which is installed on approximately three million computers across North America and Europe. Rapport constantly monitors phishing attacks against the computers it protects, and can identify/prevent users from trying to submit login information to phishing websites.



Trusteer based its research on data collected over a three month period during which phishing events from 10 large banks across the US and Europe were analyzed. The report’s key findings include:

• Each phishing attack compromises a very small number of customer accounts (0.000564%), but due to the large number of attacks, the aggregated number is significant.


• 1.04% of bank customers click on malicious links and are redirected to a phishing website.


• 0.47% of a bank’s customers divulge their login credentials and other personal information on phishing websites. If abused, the losses associated with these hijacked credentials would range between $2.4M and $9.4M annually (per one million online banking clients).

The full report is available at http://www.trusteer.com/webform/measuring-effectiveness-wild-phishing-attacks.



“Since the vast majority of phishing attacks are blocked by server-based anti-spam and e-mail/browser phishing filters, we decided to focus our research only on malicious messages that were delivered and were acted upon by the victims,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “While the fact that nearly half of the victims were tricked into giving up their online banking credentials was surprising, the aggregate value of the financial losses created by only half of one percent of a bank’s customers is staggering.”



About Rapport

Rapport from Trusteer is a lightweight browser plug-in plus security service that acts like a vault inside the browser and prevents redirection of user information to fraudulent websites. It protects personally identifiable information (PII) and Web pages from unauthorized access and theft while users are accessing sensitive Web sites. Trusteer also offers in-the-cloud reporting services where unauthorized access attempts detected by Rapport are analyzed by fraud experts who provide actionable intelligence to financial institutions.



About Trusteer

Trusteer enables online businesses to secure communications with their customers over the Internet and protect PII from a user's keyboard into the company's Web site. Trusteer's flagship product, Rapport, allows online banks, brokerages, healthcare providers, and retailers to protect their customers from identity theft and financial fraud. Unlike conventional approaches to Web security, Rapport protects users' PII even if their computer is infected with malware including Trojans and keyloggers, or is victimized by pharming or phishing attacks. Trusteer is a privately held corporation led by former executives from Cyota/RSA Security, Imperva, and NetScreen/Juniper. For more information visit www.trusteer.com.



Contacts

Marc Gendron PR

Marc Gendron, 781-237-0341

marc@mgpr.net

Permalink: http://www.businesswire.com/news/home/20091202005153/en

Related articles by the PIN Payments News Blog

• Trusteer Warns of New Two Headed Trojan Attack Against Online Banks - W32 Silon (pindebit.blogspot.com)


• Trusteer Wins 2009 Frost & Sullivan Web Fraud Protection Product of the Year Award (pindebit.blogspot.com)


• Report: The "Web" Has NEVER Been More Dangerous! (pindebit.blogspot.com)


• Online Fraud Likely to Harm Online Banking (pindebit.blogspot.com)