3.2 Billion Dollars Lost to Phishing in 2007 112
mrneutron2003 brings us FastSilicon's summary of a Gartner survey which found that 3.2 billion dollars were lost in 2007 to phishing scams. "Gartner's latest survey into the realm of phishing attacks paints a rather bleak picture for 2007, with a record estimated loss of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall loss per incident fell (to $886 from $1,244 lost on average in 2006) but the numbers of individuals who fell victim rose quite sharply from 2.3 Million in 2006 to a staggering 3.6 Million. Though online portals Paypal and eBay remained the most spoofed brands, it appears phishers are getting more creative utilizing fake electronic greetings cards, foreign businesses, and charitable organizations in their attacks on consumers. Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley.
debit card protection (Score:2)
For years, I couldn't get a credit card because my credit was terrible, so I had no choice but to sign up for internet porn using my debit card (what else was I supposed to do? go without?)
So, I figure that my debit card # is sitting in a few forgotten databases around the internet. I'm not worried though, because ultimately, my BANK is liable, not me.
Re: (Score:1)
Re: (Score:3, Informative)
Re:debit card protection (Score:4, Interesting)
I'm surprised that more banks don't make you retrieve credit/debit cards at local branches. Lots of cameras to help verify who you are. I know that when I want to change my PIN, I have to go to a WAMU branch to do it, whereas I can remember doing it online just a few years ago.
Re: (Score:3, Informative)
Re:debit card protection (Score:5, Informative)
The best part of the disposable cards is that you can cap the spending without fees. If you're buying something for $500, put $500 on it, and don't refill it. A few times a year they have deals where the cards are free as is the first deposit, so pick up a few grand worth of them at various levels and you're set.
From what I know of the people who use them alot (google Rosemont, Illinois), they're also a great way to exchange money without anyone tracking it. Just what I've heard, though.
Re: (Score:2)
$4.95/month
ATM Cash Withdrawl: $2.50
Re: (Score:2)
The "Best" part about a Debit card is you can only spend what you have. Keep $100 in the account and refresh it daily. But if that $100 gets out, it's gone.
Re: (Score:1)
You pay for internet porn??? (Score:4, Funny)
On another note I have an abundant supply of di-hydrogen monoxide I am looking to sell. It is extremely useful for many applications. Regularly priced at up to $4.00 / litre, I am willing to part with it for only $0.50 / litre. Msg me for details!
Well... Maybe (Score:2)
Re: (Score:2)
Both Visa and Mastercard offer $0 liability. Some banks do as well. But the real crux is there is no defined time in the law to saw when you get your refund. If someone takes $1000 from your bank accont, you could be out that money for days or weeks while the investigation is proceeding. This could cause you to defualt on mortgage payments or car payments and be a real P
Re: (Score:2)
Because of the nature of the transactions, you are much safer with a credit card.
Re: (Score:1)
That said, you should find a better option than your primary checking account for online purchases.
It has been a while since I working in banking, but the nice people at the major credit card companies have a lot of sway over the practices of the people using their networks.
Solution (Score:1)
This was already covered on Ultra-Slashdot (Score:5, Funny)
Oh, and those of you who don't have Ultra-Slashdot, just send me your e-mail address, your Slashdot password, and your credit card number (just for verification), and I'll be sure to enable it for you...
Re:This was already covered on Ultra-Slashdot (Score:5, Informative)
Email Address: Raymond.A.Carnine@dodgit.com,
Slashdot password is: "imFishingYouberleethaxors"
Visa: 4916 7995 1982 5659
Expires: 5/2008
oh, and you may need this: SSN: 381-80-6521
Thanks!!!!
Raymond A. Carnine [fakenamegenerator.com]
4882 Prudence Street
Farmington Hills, MI 48335
Re: (Score:2)
I clicked on your link, and hey, that's nifty. First load, however, it gave me the exact birthday as my actual one. I wonder what their year range is. The odds of this are what, 20 or so by 365? damn!
I wonder if they have a super unusual feb 29....
Re: (Score:2)
Re: (Score:2)
I found that a popular porn filter is very good at weeding out fake business sites such as the fake pay pal and ebay fakes. This adds a strong layer of protection. They may send me a direct link to their fantastic deal on ebay, but when I get the scrubit page instead of ebay, then there is no way to give them real info by accident. Filtered internet is good for more than keeping the kids from surfing porn all day.
I have tr
Re: (Score:2)
Tell your friend No. I just use the DNS addresses in my router as is. It's install free, configuration free and compatible with all my boxes from Windows 95/98, Linux, XP and the wife's Vista. If your friend wants customized filtering, try Open DNS. Much malware lurks in the shady parts of porn. There are lots free video codecs required to play their video that are more than just a video codec. It's best to stay away and not i
Re:Quick address fake detector.. (Score:2)
"Your search for 4882 Prudence Street, near Farmington Hills, MI 48335 did not match any locations.
Suggestions:
* Make sure all words are spelled correctly.
* Try different keywords.
* Try more general keywords."
This BS detector might be useful for sellers who get a ship to which isn't the same as the bil
Re: (Score:2)
And yeah, the information that fakename generates makes no attempt to be valid - its just for testing databases etc, (and for me to use when 'mandatory fields' are presented on ridiculous webforms (I'm looking at you Solaris)). From the fakename generator FAQ:
Re: (Score:2, Funny)
Be sure to post a journal with the usernames/numbers of anybody who actually does this, so we can stone them.
One person's loss is another's gain (Score:5, Insightful)
Are these people that good? Is it that hard to follow the trail?
Do the companies care that their consumers are being duped?
No. Really. Have you ever hit up paypal or ebay regarding a fraudulent transaction? Nothing usually ever comes of it. Why think that they will change now?
Re: (Score:3, Insightful)
No. Really. Have you ever hit up paypal or ebay regarding a fraudulent transaction? Nothing usually ever comes of it. Why think that they will change now?
No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve. It's akin to walking down to and asking people where you can buy a nice and handing them your wallet. If you don't know HOW to distinguish genuine emails from from a phishing attack, then you should put your credit card away, step away from the computer, get in your car, and go shopping at the mall like the olden days. To an extent, the banks and businesses can do a bette
Re: (Score:2)
No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve.
Amen to that. You know, I get phishing e-mails every day at my main account, and tons more to my hotmail and yahoo accounts (where their filters catch most of them, but it's fun sometimes just to look them over before they get shit-canned). I would say that at LEAST 2/3 of them are so obviously fake (misspellings, fractured syntax, totally unprofessional looking, etc.) that yo
Re: (Score:2)
No, it's just that people are THAT stupid. If you're stupid enough to follow these phishing deals, then you get what you deserve.
I think one of two things has happened here, either you mis-understand what a phishing e-mail actually is or your anti-spam mechanisms catch most of the phishing e-mails that come your way. These are not the "v14gr3" type mailings - these are often exact replicas of bank, eBay, PayPal, etc. websites and/or mailings so meticulously crafted that at times they've made me take pause to examine the headers. URLs are obfuscated in ever more clever ways and at first glance I wouldn't think anything of it and I w
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Interesting)
I know that the tinfoil hat is a popular slashdotter stereotype but...
The credit card companies do *not* want fraud to go away - they need a small amount to justify their cut of every transaction on the planet.
A decade ago, I used to be able to swipe my ATM card (which was nothing more, at that time) at the grocery store or gas pump and - voila - the cost was deducted from my checking account. Then, all of a sudden, my bank decided that they wanted
Re: (Score:2)
The UK for example has switched almost exclusively to "chip and pin" http://www.chipandpin.co.uk/ [chipandpin.co.uk] Visa cards. Some smaller stores and fast food outlets don't even accept old-fashioned signature-only credit cards any more.
Most banks in the US/Canada charge fees for a fixed number of transactions, your bank just
You can't really blame them (Score:2)
The thing was - the ATM transactions didn't cost either party more than the marginal cost of having the system in place. With the Visa (or Mastercard, etc) direct-check, my bank and Visa get to cut each other in on the deal. It is all a big racket.
Oh come on, that's nothing. The banks have us renting our money from them, at 5% (or whatever) every year. 95% of money is credit. Think about that for a second. The banks are earning 5% per year on 95% of all the money which exists.
The credit card companies simply saw that we were dumb enough to rent said money from the banks and wondered if we would be so dumb that we'd pay them a fee on every single transaction, and basically they were right, we are. We go out every day and work our arses off for 8 hour
Re: (Score:2)
It does really make you wonder (Score:2)
I know with the technological spoofery it can be difficult to find the origin of the phishing.
With dodgy registrars and others it can be difficult to find the owner of a domain.
But the money has to actually go *somewhere*. So why can't it be followed up at the point somebody moves it somewhere?
Re: (Score:2)
That way my initial response actually. Money is one of those things that's very hard to "lose" in the sense that it doesn't really vanish - it just ends up in someone else's pocket at the end of the day. The interesting thing would be to see how much economic activity is generated by the stolen funds - because I guarantee that these guys aren't just taking the money and having it sit in a non-interest bearing account in some kind of bizarre effort to combat inf
Re: (Score:2)
I think part of that may stem from how the costs are incurred. The collective amount lost to fraud is quite large, on the order of billions of dollars, but the amount lost for each individual case is probably fairly small, probably on the order of a few thousand dollars or so on average. Now, given that it takes a certain fixed amount of legwork to track each fraud to its source and punish those responsible, most fraud cases are not large enough to justify those fixe
Re: (Score:2)
People scammed: 3.6 million
Suckers/confused: 1.2%
and that's if we limit the pool to the US. It's not really surprising that they get this many people. Expect it to only go up as the online pool gets bigger.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
Once. I ordered a set of Quantum Leap DVDs that turned out to be pirated, complained to both eBay and PayPal, and got my money back. The vendor disappeared off of eBay immediately, although I suppose they were back under a different name the next day.
The thing about these DVDs is that the price was about right for a legitimate copy, and the vendor
Why would criminals care about the source? (Score:2, Interesting)
But don't the criminals still get the money, regardless of which type of account from which they steal it? Why do they care either way about better consumer fraud protection (which I read as "responsibility for unknown charges")? Or is it that credit cards have
Re:Why would criminals care about the source? (Score:5, Informative)
The reason credit cards are better is because the protections they have are enshrined in law. Debit card fraud protection isn't - it's only between you and your bank. That's where the $50 protection comes in - if your credit card is stolen, you're only responsible for the first $50 used while it was stolen (even if you didn't realize until later). Now, some banks actually make it "no liability" and eat the $50 as well, but like debit cards, that's between you and your bank.
Now, imagine your debit card is stolen (or more commonly, duplicated with information stored from illicit debit machines). As far as your bank is concerned, you've been withdrawing the money as normal.
Finally, consider the illicit charge that happens. With a credit card, the money is the bank's (or Visa/Mastercard/Amex/etc) money. They will lean on the merchant to offer proof that you made the transaction (hence the little credit card slip you sign), since that's a contract. If not, they take the money from the merchant and reimburse you.
Now try a debit card. The bank can't tell that it wasn't you that made the trasaction. In fact, it could be you trying to scam free money off the bank. All the bank has is a record that your card was used to withdraw cash from your account (your money) that you claim you never withdrew.
This should be a call for better debit card security, but until then, proving you didn't take your money is a lot harder than having the merchant prove you did make the purchase. Since it's not the bank's money, they can investigate as long as they like, while you're out of the money for the duration. Now some banks may offer cardholder services that make it similar to credit card in protection, but they don't have to. (A more practical aspect - if your credit card was used illicitly, you're not out the money immediately, so you can sustain yourself. If your debit card was used illicitly, you're out the cash until your bank refunds it. This can mean not having money for food and shelter...)
Just FYI - the signature on the back of your credit card is used to indicate that you agree to the cardholder's agreement. It is not, and should not, be used as a signature reference. That slip you sign is a contract saying you will pay the amount shown as per the cardholder's agreement (which your signature on the card verifies). Thus, "Check ID" is not a valid signature on the card, and the store is right in refusing your card since you technically did not agree to the terms of your cardholder agreement (which naturally includes stuff like paying back the money you borrowed!). The cashier, unless they are trained in handwriting analysis, can't really compare signatures (and shouldn't). They can do a quick verification to make sure that you're not playing games, but that's about it.
Stores that tend to attract a lot of fraudulent activity may request ID, though.
It's also why e-commerce is slightly more vulnerable to credit card
Re: (Score:1)
Re: (Score:1)
Thanks for the info. That is helpful.
But do you see what I mean about the criminal side of it? Why would a criminal care if I get my money back, thus why would they prefer to steal from a bank account? Do you know if there's anything that makes it harder to steal from a CC account vs. a bank account? The article and summary made it sound like thieves prefer bank accounts vs. credit cards for some reason.
Re: (Score:3, Informative)
Phishing for spam. (Score:5, Interesting)
Re: (Score:1)
Slightly illegal? Is there a sliding scale of culpability when it comes to stealing what belongs to someone else these days? Obviously I mean OTHER than corporate scams like Enron.
Re: (Score:2)
There we go.
Wow, that's a lot of money! NOT. (Score:2)
Let's look at $3.2 billion "lost."
300 million adults in the US x Z = 3,200 million.
Z = $10.66
So we're all fretting over $10.66 each that we lost in a year. Big d
Re: (Score:2)
Re: (Score:2)
Who is the real victim of internet phishing? YOU ARE!!!
Re: (Score:2)
Err, no. I only bank with banks that provide extra insurance over their D&O policy. If you are familiar with banking regulations and laws, D&O protects banks from a lot of fraudulent activities that the banks can generally ignore. SOME banks have extra D&O insurance.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Unfortunately, it takes a lot of research. If you've followed my banking info (take a look at my latest site, Full Reserve Banking [fullreservebanking.com] where I am theorizing on the actual process of my utopian bank), you know that I don't keep a lot of money in cash-denominated accounts. Almost all of my dollar savings are in some sort of full-reserve structure, such as a laddered CD. I only do this to keep my money partially interest-bear
Re: (Score:1)
Perspective matters. (Score:2)
Re: (Score:3, Insightful)
Re: (Score:2)
Still doesn't effect me. The minute I heard about phishing, I sent an email to all my friends and family explaining it in detail. This goes back years ago. So far, not a single person I know, not a single customer I work with (out of thousands of users) and not a single
Re: (Score:2)
Re: (Score:1)
when does whack-a-mole end? (Score:3, Interesting)
Many of the phishing emails I have seen tend to use domains that are creatively re-arranged to look like the real thing - something like paypal.com.evilphishingdomain.com to substitute in for the real paypal.com. And of course, the evilphishingdomain.com was willingly sold to a crook by a registrar who themselves are of less-than-stellar reputation.
Just as I've said before regarding spamming domains, if there were better controls on the domain registration process, a lot of this could be reigned in. Sure, some phishing emails do go by IP addresses instead of domain names, but for the large portion of them that use names instead, we can shut down their game quicker by making registrars actually give a hoot about their customers' damage.
The Malware Economy Evolves (slashdot article) [slashdot.org]
Comments on Malware Economy [slashdot.org]
The Economic Basis of Spam (slashdot article) [slashdot.org]
Comments on Economic Basis of Spam [slashdot.org]
My journal article on the registrars' role in keeping spam alive [slashdot.org]
Re: (Score:2)
What we need is to teach people what domains ARE in the first place; that they are crucial (down to the last character) for reaching one's proper destination; that checking links by hovering over them first and looking at the tooltip/status bar is important for safety; that establishing the HTTPS lock is no good unless one looks at the domain at the same time.
Legal Phishing (Score:5, Interesting)
The end result is the same, some group (in this case retail store executives) is getting billions of dollars in exchange for exactly nothing.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Suckers (Score:2)
Dan East
More like 3.7 billion (Score:1)
Seriously, when they say a number like $1244, where are they getting that?
The reason is simple (Score:1)
Hmmm, Gartner (Score:2)
Lost? (Score:1)
We need some "anti-stupid" legislation! (Score:2)
It would, of course, be harmful and limiting to commercial interests for such usage restrictions to be put into place and could even serve as a tool to restrict communications freedom... so maybe in that respect, this is a really really bad idea. But I'm thinking that a license to use the public internet should been
Good Advice (Score:2)
Anyone can pretend to be your bank or the tax authorities, so don't fill in any forms or pay any money without cast-iron proof. Make them personally visit your shack in the mountains. Don't be s
That Stinks (Score:1)
Suntrust Bank Phishing its Own Customers? (Score:1, Interesting)
Later that same day, I get another E-mail from "Suntrust Credentials Delivery", asking me to go to https://www.suntrust.com/completeenrollment [suntrust.com] and enter th
Lost? (Score:2)
It's just like when you lose a job, or a girl, right Mr. Goldthwait?
How about some unbiased journalism? (Score:2, Insightful)
"Gartner's latest survey into the realm of phishing shows increased income for 2007, with record revenue of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall income per incident fell (to $886 from $1,244 made on average in 2006) but the numbers of individuals who subscribed rose quite sharply from 2.3 Million in 2006 to an impressive 3.6 Million. Though online por
There are over 300 million people in the US (Score:2)
The news here isn't "OMG scamming is teh huge!" but that the numbers are so low. My everyday experience would lead me to believe that the number would be significantly higher than 1%. I mean, I run across people every day where I wind up wondering "How does someone that stupid remember to breathe?"
darwinian principles at work? (Score:2)
The major sites contributing to the problem (Score:2)
Gartner sees no easy way out of this dilemma unless e-mail providers have incentives to invest in solutions to keep phishing e-mails from reaching consumers in the first place, and unless advertising networks and other "infection point" providers (which theoretically can be any legitimate Web site or service) have incentives to keep malware from being planted on their Web sites to reach unsuspecting consumers.
In practice, only a small minority of "legitimate Web sites or services" are
I don't believe it... (Score:1)
Your typical fear-mongering.
Not lost! (Score:2)
Thanks... (Score:2)
dear people, (Score:2)
Thanks.
Re: (Score:2)
Re: (Score:1, Informative)
and if you dont want to run greasemonkey directly - convert it into a standalone firefox extension [arantius.com]