3.2 Billion Dollars Lost to Phishing in 2007 112
mrneutron2003 brings us FastSilicon's summary of a Gartner survey which found that 3.2 billion dollars were lost in 2007 to phishing scams. "Gartner's latest survey into the realm of phishing attacks paints a rather bleak picture for 2007, with a record estimated loss of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall loss per incident fell (to $886 from $1,244 lost on average in 2006) but the numbers of individuals who fell victim rose quite sharply from 2.3 Million in 2006 to a staggering 3.6 Million. Though online portals Paypal and eBay remained the most spoofed brands, it appears phishers are getting more creative utilizing fake electronic greetings cards, foreign businesses, and charitable organizations in their attacks on consumers. Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley.
Re:debit card protection (Score:5, Informative)
The best part of the disposable cards is that you can cap the spending without fees. If you're buying something for $500, put $500 on it, and don't refill it. A few times a year they have deals where the cards are free as is the first deposit, so pick up a few grand worth of them at various levels and you're set.
From what I know of the people who use them alot (google Rosemont, Illinois), they're also a great way to exchange money without anyone tracking it. Just what I've heard, though.
Re:debit card protection (Score:3, Informative)
Re:Why would criminals care about the source? (Score:5, Informative)
The reason credit cards are better is because the protections they have are enshrined in law. Debit card fraud protection isn't - it's only between you and your bank. That's where the $50 protection comes in - if your credit card is stolen, you're only responsible for the first $50 used while it was stolen (even if you didn't realize until later). Now, some banks actually make it "no liability" and eat the $50 as well, but like debit cards, that's between you and your bank.
Now, imagine your debit card is stolen (or more commonly, duplicated with information stored from illicit debit machines). As far as your bank is concerned, you've been withdrawing the money as normal.
Finally, consider the illicit charge that happens. With a credit card, the money is the bank's (or Visa/Mastercard/Amex/etc) money. They will lean on the merchant to offer proof that you made the transaction (hence the little credit card slip you sign), since that's a contract. If not, they take the money from the merchant and reimburse you.
Now try a debit card. The bank can't tell that it wasn't you that made the trasaction. In fact, it could be you trying to scam free money off the bank. All the bank has is a record that your card was used to withdraw cash from your account (your money) that you claim you never withdrew.
This should be a call for better debit card security, but until then, proving you didn't take your money is a lot harder than having the merchant prove you did make the purchase. Since it's not the bank's money, they can investigate as long as they like, while you're out of the money for the duration. Now some banks may offer cardholder services that make it similar to credit card in protection, but they don't have to. (A more practical aspect - if your credit card was used illicitly, you're not out the money immediately, so you can sustain yourself. If your debit card was used illicitly, you're out the cash until your bank refunds it. This can mean not having money for food and shelter...)
Just FYI - the signature on the back of your credit card is used to indicate that you agree to the cardholder's agreement. It is not, and should not, be used as a signature reference. That slip you sign is a contract saying you will pay the amount shown as per the cardholder's agreement (which your signature on the card verifies). Thus, "Check ID" is not a valid signature on the card, and the store is right in refusing your card since you technically did not agree to the terms of your cardholder agreement (which naturally includes stuff like paying back the money you borrowed!). The cashier, unless they are trained in handwriting analysis, can't really compare signatures (and shouldn't). They can do a quick verification to make sure that you're not playing games, but that's about it.
Stores that tend to attract a lot of fraudulent activity may request ID, though.
It's also why e-commerce is slightly more vulnerable to credit card
Re:This was already covered on Ultra-Slashdot (Score:5, Informative)
Email Address: Raymond.A.Carnine@dodgit.com,
Slashdot password is: "imFishingYouberleethaxors"
Visa: 4916 7995 1982 5659
Expires: 5/2008
oh, and you may need this: SSN: 381-80-6521
Thanks!!!!
Raymond A. Carnine [fakenamegenerator.com]
4882 Prudence Street
Farmington Hills, MI 48335
Re:How is it lost? (Score:3, Informative)
Re:Hoax (Score:1, Informative)
and if you dont want to run greasemonkey directly - convert it into a standalone firefox extension [arantius.com]
Comment removed (Score:3, Informative)