WASHINGTON, Dec. 20 (UPI) -- Phishing attacks on U.S. e-mail users netted cybercriminals $3.2 billion in 2007, with a million extra victims, and debit cards are a growing target.
A survey by Stamford, Conn.-based computer security firm Gartner Inc. found that 3.6 million adults lost money in phishing e-mail attacks in the 12 months ending in August 2007, as compared with 2.3 million the year before.
The average dollar loss fell to $886 from $1,244 the year before, but because there were more victims, a total of $3.2 billion was lost in 2007.
But the survey, of a representative sample of more than 4,500 online Americans, found the attacks were more successful in 2007 than they were previously.
Of those who got phishing e-mails in 2007, 3.3 percent say they lost money because of the attack, compared with 2.3 percent in 2006.
Phishing e-mails purport to come from a bank or other financial institution and instruct recipients to go to a Web site to "confirm" their login details. But the site is a forgery designed to steal passwords to facilitate theft.
The good news this year? The amounts that victims were able to recover also increased. Some 1.6 million adults recovered about 64 percent of their losses in 2007, up from the 54 percent that 1.5 million adults recovered in 2006.
"Phishing attacks are becoming more surreptitious and are often designed to drop malware that steals user credentials and sensitive information from consumer desktops," said Avivah Litan, vice president and distinguished analyst at Gartner.
She said that anti-phishing software was available "but not utilized widely enough to stop the damage."
PayPal and eBay continued to be the favorite Web sites spoofed by phishers, but attacks increasingly employed diverse tactics, including downloadable attachments containing malware that steals passwords and login information.
