Trusteer, the customer protection company for online businesses, reported that while only a small number online banking customers visit phishing sites each year (1.04 percent), about half of those victims (0.47 percent) divulge their login credentials to these fraudulent websites impersonating the bank.
Trusteer based its research on data collected over a three month period during which phishing events from 10 major banks across the US and Europe were analyzed.
The report’s key findings include, each phishing attack compromises a very small number of customer accounts (0.000564 percent), but due to the large number of attacks, the aggregated number is significant. 1.04 percent of bank customers click on malicious links and are redirected to a phishing website.
0.47 percent of a bank’s customers divulge their login credentials and other personal information on phishing websites. If abused, the losses associated with these hijacked credentials would range between $2.4m and $9.4m annually.
Trusteer claimed that its platform provides a view into the success and failure rates of phishing attacks via its Rapport plug-in, which is installed on approximately 3m computers across North America and Europe. Rapport constantly monitors phishing attacks against the computers it protects, and can identify/prevent users from trying to submit login information to phishing websites.
Amit Klein, CTO of Trusteer and head of the company’s research organization, said: “Since the vast majority of phishing attacks are blocked by server-based anti-spam and e-mail/browser phishing filters, we decided to focus our research only on malicious messages that were delivered and were acted upon by the victims.
“While the fact that nearly half of the victims were tricked into giving up their online banking credentials was surprising, the aggregate value of the financial losses created by only half of one percent of a bank’s customers is staggering.”