June 16, 2004
ID Theft Costs Victims $2.4B in One Year
By Clint Boulton
Nearly two million adults fell prey to identity theft scams over a
one-year
period, costing them about $2.4 billion in losses from fraud, according to
new research from Gartner (Quote, Chart).
The Stamford, Conn.-based research outfit found that perpetrators were
gaining illegal access to checking accounts from such subtle tactics as
"phi****ng," the act of e-mailing a user falsely claiming to be an
legitimate
business to dupe the user into providing private information that will be
used for identity theft.
That information, which often includes names, addresses, social security
numbers and -- perhaps most damaging -- credit card data, cost 1.98
million
online users some $1,200 apiece, said re****t author Avivah Litan, vice
president and research director at Gartner, in a company statement.
As much as half of the $2.4 billion in fraud came from phi****ng, Litan
said
in an earlier re****t, which also estimated that 57 million Americans have
received a phished e-mail in the past year.
Litan, who culled her latest data by surveying 5,000 online U.S. adults in
April 2004, said illegal access to checking accounts is proliferating,
with
thieves finding a goldmine of victims to scam through online channels.
Unauthorized access to checking accounts, grew the fastest in the past
year.
Methods rarely involve face-to-face encounters anymore, she said, noting
that passwords were pilfered to help perps access accounts online or
through
telephone banking services.
For example, the analyst said that by merely clicking a pop-up ad, Web
users
unknowingly download spyware, technology that "spies" on users'
information
without their knowledge. Spyware traps IDs and passwords for users' online
bank accounts without their knowledge.
In one major 2003 phi****ng scam, users received e-mails pur****ting to be
from eBay and/or its subsidiary PayPal claiming that the user's account
was
about to be suspended unless he clicked on the provided link and updated
the
credit card information that the genuine eBay already had.
In another ploy that aped Best Buy's e-commerce operations, users received
e-mails from supposed employees of the retail giant who warned of possible
fraudulent activity occurring on their account. The e-mail urged users to
enter personal identification, such as social security numbers and
passwords, in order to verify account activity.
Phi****ng become a hot enough topic for the Federal Bureau of Investigation
to track last year. In April, research group MessageLabs said phi****ng
leaped 1,200 percent in the last six months.
Now, Litan is calling for those in the financial services industry to
write
back-end tools that protect consumers from identity theft and other online
crimes. This will take time, but in the interim, "banks must implement
stronger access controls to online and telephone banking systems."
The analyst endorsed shared-secret authentication as one good remedy to
stave off those with malicious intent. In this method, a consumer might
select a topic, such as "favorite restaurant," and enter an answer that is
shared with a service provider either when the consumer registers on its
site or when the provider sends an e-mail to the consumer.
Some community sites, such as Yahoo!, already use this shared secret
method.
Installing photographs in a consumer's profile that is stored in a
company's
database may work, too, she said. But these are stop-gap moves.
"In the longer term, banks need more effective tools to detect fraud and
stop checking accounts from being hijacked," Litan said in a statement.
John De Gennaro
--
Let the name calling begin!!! (its all you libs have)
|
