On 5 May 2004, Gartner announced the results of a survey showing that an estimated 57 million American adults received e-mail attacks from “phishers” — hackers or cyberthieves who pretend to be trusted service providers to steal consumer account information. Survey respondents included 5,000 online adults, selected as a representative sample of the U.S. population. Extrapolating from this sample, Gartner concludes that more than 30 million people were "absolutely sure" they were victims of a phishing attack, and another 27 million thought they had received what "looked like" a phishing attack — and over 90 percent said the attacks happened within the past year. Another 35 million were unsure whether they had experienced an attack, and just 49 million of 141 million online consumers said they had not experienced one.

Gartner research conducted in April 2004 indicates that millions of consumers unknowingly fall for phishing attacks — e-mail communications designed to steal consumer account information, such as credit card data, home addresses and telephone numbers. Consumers have reason to be nervous. Phishing attacks undermine their confidence in the authenticity of e-mail originators, threatening consumer trust in the very foundation of Internet-based communications.

Based on the representative sample, Gartner believes that nearly 11 million online adults — representing about 19 percent of those attacked — have clicked on the link in a phishing attack e-mail. Even more seriously, 1.78 million Americans, or 3 percent of those attacked, remember giving the phishers sensitive financial or personal information, such as credit card numbers or billing addresses, by filling in a form on a spoof Web site. Gartner believes that at least a million more individuals may have fallen for such schemes without realizing it. Direct losses from identity theft fraud against phishing attack victims — including new-account, checking account and credit card account fraud — cost U.S. banks and credit card issuers about $1.2 billion last year.

Gartner believes that the double-digit expansion of U.S. e-commerce will slow down unless service providers adequately address consumer security concerns. A future Gartner note will outline emerging antiphishing solutions, ranging from digitally signed e-mail to managed antiphishing services. Without the implementation of phishing antidotes, consumer trust will further erode and annual U.S. e-commerce growth will slow to 10 percent or less by 2007 (0.6 probability).

Recommendations: The rise in phishing attacks is threatening consumer confidence as never before. Eventually, all participants in Internet commerce will be hurt by diminished consumer trust in online transactions. Given that the victims are more likely to suffer from identity theft, consumer distrust in Internet security is certainly a reasonable reaction. Service providers must begin implementing solutions that authenticate themselves to their customers, and their customers to them.

Analytical Source: Avivah Litan, Gartner Research

Recommended Reading and Related Research

• "Online Bill Payment Will Be Top Bank Priority in 2003" — Failure to cultivate online bill payment applications in 2003 will cause banks to lose revenue and customers to competing service providers. By Avivah Litan
• " Application Fraud and Rising Identity Theft Plagues Banks" — Legislators are motivating banks to improve their customer authentication systems, but most banks are using inadequate applications to prevent the fraud. Instead, they must start using identity scoring techniques that are starting to evolve in the market. By Avivah Litan

(You may need to sign in or be a Gartner client to access all of this content.)