A new report from Trusteer has shown that phishing attacks are rarely successful, but still worth millions of dollars to the attackers.
Trusteer makes a browser plugin called Rapport which is given away for free to customers of certain banks (including some Canadian banks). The plugin monitors for phishing attacks and can detect when someone is submitting login information to a false banking site. Rapport has been installed on about 3 million computers in Europe and North America, and data collected by the plugin provides a valuable look into the damage caused by phishing attacks.
In the recent study, Trusteer monitored the data from the Rapport plugin during a three-month period, and in that time it analyzed phishing attacks against 10 large banks in the US and Europe. The key findings were:
- each bank was targeted by an average of 16 phishing attacks per week (or about 832 attacks per year)
- out of every million bank customers, about 12 (0.00125%) are lured into visiting each false web site that was studied. This is a very low success rate, but…
- given that a bank experiences many phishing attacks in a year, about 1.04% of its customers were lured to one of the false web sites each year
- once people were lured to a false web site, about 50% of the time they entered and submitted their login information
- doing the math, this means that about 0.47% of a bank's customers revealed their login information to criminals each year
- if the losses from stolen login information total $2,000 per case, then a bank with a million customers lost about $9.4 million per year
- …and that money is going to criminals
Whoever said that crime does not pay did not try phishing.
