Fraud Losses from Email Phishing Attacks to Total $137 Million Globally in 2004, Lower than other Estimates: TowerGroup

TowerGroup Finds Greater Potential Cost of Phishing Scams Will Be in Lost Consumer Confidence in Online Channel and Financial Institution Brands

NEEDHAM, MA, December 1, 2004 – Relatively unknown only a year ago, email “phishing” scams have exploded in both frequency and media attention to become one of the most urgent threats to online financial services. A recent suspension of online banking services by the UK-based financial institution, NatWest, is evidence of the growing scope of phishing and related cyber-threats.

Email scams like phishing, which are used by criminals to convince individuals to reveal confidential information, leverage the Internet’s value as a low-cost and efficient vehicle for reaching consumers. Further, the Internet has shifted aspects of the burden of security from the financial institution to the consumer, who is often ill-equipped to deal with the onslaught of new fraud schemes and the gaping holes in PC security.

Even so, TowerGroup believes the actual dollar value of phishing-related fraud losses is far less than commonly cited. “Direct fraud losses attributable to phishing are expected to total just $137.1 million globally in 2004,” said Beth Robertson, senior analyst in the Global Payments research service at TowerGroup and co-author of the research. “Phishing attacks can allow criminals to fraudulently obtain consumer data, but they do not as commonly result in an actual fraud event in which accounts are accessed or funds are stolen.”

Highlights of the research include:

  • Although TowerGroup concurs with the general trends reported by industry consortia, these groups’ statistics underreport the actual level and mix of phishing attacks. TowerGroup believes that the true number of phishing attacks will total more than 31,000 globally in 2004. This number is expected to rise to over 86,000 by 2005, as the phenomenon spreads to customers of smaller financial institutions, new merchant/service-provider categories and new global markets.

  • Today, phishing has become more advanced and multifaceted as organized crime rings have taken over much of its development. Not only has the quality of fake emails improved, but more effective targeting is increasing the efficiency of phishing attacks. Phishers are also integrating their scams with malicious software (or “malware”) downloads, as well as complex new variants better classified as “malware attacks” than as phishing – making the threat from these attacks more dangerous and more difficult to detect and prevent.

  • Phishing attacks are successful in fooling only a very small fraction of the online population and are, to many consumers, a nuisance like spam. Yet the increasing frequency and sophistication of phishing has the potential to negatively affect consumer confidence in the Internet as a viable channel to conduct commerce.

“Ultimately the total cost of managing this growing menace will be far greater than the cost of direct fraud,” said George Tubin, senior analyst in the Delivery Channels research practice and co-author of the research. “One of the greatest liabilities is the potential loss of customer confidence in the Internet as a channel for provisioning financial services, not to mention loss of trust in financial institutions themselves. This is a critical issue, given the rising importance of the online channel in the retail financial services delivery mix.”

The TowerGroup research report titled, “A Phish Tale? Moving From Hype to Reality,” catalogues the increasing sophistication of phishing and related Internet scams and clarifies the scope and impact of these threats. A companion report titled, “No Phishing Zone: Vendor and Industry Initiatives to Curb E-Mail Fraud,” reviews how the financial services industry is beginning to address this growing problem.

These reports were developed jointly by analysts covering three critical business areas (credit and debit cards, Internet banking, and Internet payments) affected by the expansion of cybercrime. In addition to senior analysts Beth Robertson and George Tubin, the research was co-authored by John Gould (research director, Consumer Lending & Bank Cards).

Those interested in purchasing a copy of any TowerGroup report may call +1.781.292.5200 or email [email protected].

About TowerGroup: TowerGroup is the leading advisory research and consulting firm focused on the global financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world’s leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America, Europe, and the Asia-Pacific region, TowerGroup serves a global client base.