The Internet Crime Complaint Center said that it received more than 275,000 complaints in 2008, up from about 207,000 in 2007. The total reported dollar loss from such scams was $265 mln, or about $25 mln more than in 2007. Among those who filed complaints, men reported losing $1.69 for every dollar that women lost.
Approximately 7.5% of US adults lost money as a result of some sort of financial fraud in 2008, in large part because of data breaches, according to Gartner. Payment card fraud (credit, debit and ATM card fraud) was the method most actively used by crooks to steal money, claiming 36% more victims in 2008 than other types of fraud. Gartner found that financial losses were highest in the case of new-account, credit card and brokerage fraud, with average losses per incident totaling $1,097, $929 and $900, respectively. However, victims of brokerage, credit card and debit/ATM card account fraud find it easiest to recover their losses, receiving an average of 100%, 86%, and 77% of the funds stolen, respectively.
UK cybercrime rose by more than 9% in 2007, according to Garlick. 3.5 mln online crimes were committed in the UK in 2007. There was an 8% drop in online identity theft and sexual offences fell 2%.
29% of Internet users have purchased goods from spam emails, according to Marshal. The most commonly purchased items include sexual enhancement pills, software, adult material and luxury items such as watches, jewellery and clothing. Botnets are networks comprised of thousands of infected personal computers, controlled remotely by criminals. They have enabled spammers to push down their costs through economies of scale and eliminated the need for spammers to host their own spam servers as they simply take control of other people’s computers instead. Recent FBI prosecutions of bot-herders and investigations of message-boards used by spammers, suggests the going rate for spammers to send a mln spam messages is as little as $5-10.
In Q2 2008, 74% of all mail received was spam. In Q2 2008, Turkey became the country with most zombie computers (11% of the global total), followed by Brazil (8.4%) and Russia (7.4%). The USA, which in the Q1 2008 accounted for 5% of all zombies, is now in ninth place with just 4.3% of the total. Google Adwords has been at the center of one of the most notable attacks over the last quarter, PandaLabs says. This Google service had been used previously to launch phishing attacks and the trend continues. This type of attack uses social engineering to trick users into revealing confidential details (bank account numbers, passwords, etc.).
US consumers lost almost $8.5 bln over the last two years to viruses, spyware, and phishing schemes. Consumer Reports estimates that American consumers have replaced about 2.1 mln computers over the past two years because of online threats. Consumers have 1 in 6 chance of becoming a cybervictim, down from 1 in 4 in 2007. Spyware and virus infections have also declined significantly over the past few years. Consumer Reports projects that problems they cause have resulted in damages of roughly $6.5 bln over the past two years. Consumer Reports also estimates that 3.5 mln U.S. households with broadband remain unprotected by a firewall.
32% of small and medium businesses in the United States and Canada have been attacked more than four times by cybercriminals in the last three years, MCAfee said. 26% of those attacked took at least a week to recover, a devastating length of time to be offline for small businesses who conduct business and sales via the Web. Recovery time in Canada was even greater, with a third (36%) taking a week or more to fully restore their systems. 44% think cybercrime is only an issue for larger organizations and believe it does not affect them. 52% of businesses believe that because they are not well-known so cybercriminals will not specifically target them. Almost half (45%) do not think they are a ‘valuable target’ for cybercriminals. 46% do not think they can be a source of profit for cybercriminals. SMBs may not be as safe from security attacks as they think. 88% of respondents believed they were ‘adequately protected,’ yet 43% of them admitted that they simply accept the default settings on their IT equipment, settings which are often not in line with their specific business needs.
88% of people interviewed in the US and the UK by Accenture said personal irresponsibility is the key cause of identity theft and fraud. 70% of respondents in the UK said they don’t write down their passwords, versus 49% in the US.
Anxiety about sharing personal data is the biggest barrier to consumer acceptance of mobile banking and commerce (66%), according to Harris Interactive. Additional barriers to adoption: more exposure to fraud and financial scams (63% expressed concern); worry about losing a device containing valuable information (61%); concern about costs (58%); usability (43%), reliability (37%), and speed of wireless network (23%)
FTC logged about 800,000 consumer complaints about identity theft during 2007, of which 32% involved identity theft and 68% covered other types of fraud. Of the identity theft cases, only 23% involved a credit card account, and cases of unauthorized new accounts outnumbered misuse of existing accounts by two to one. Other categories involved using someone else’s name for a utilities account (18%), for employment (14%), for government benefits fraud (11%), loan fraud (5%) and other forms of bank fraud (13%).
The share of online revenue lost to fraud in 2007 held steady with 2006 at 1.4%, but as e-commerce grows, the total dollar loss from online payment fraud is growing at the rate of about 20% a year and is estimated at $3.6 bln in 2007, up from $3.1 bln in 2006, according to CyberSource.
Russia now occupies number one spot on Sophos malware ranking list with 27.4% of malware, slightly ahead of China on 27%. Both leave the US trailing in third with 10.1%, Brazil on 6.6%, and the UK with 5.32%.
Overall identity fraud is declining in the United States: down by an estimated 12% over 2006, which represents a total fraud reduction of $6 bln. Fraudsters are turning to lower-tech methods by utilizing telephone theft more than ever before, Javelin Research says.
Access through mail and telephone transactions grew from 3% of ID theft in 2006 to 40% in 2007. Fraud risk is lowest in the Northeast while residents in California and other states are at the highest risk. Young adults who fall victim to fraud are most likely to purchase ID fraud insurance and sign up for fraud alerts. Older adults who fall victim often react by no longer sending bill payments and checks through unsecured mailboxes.
AV Test reported that it saw 5.49 mln unique samples of malicious software in 2007, 5x more than the 972,606 it saw in 2006.
61% of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47% in 2006, University of Southern California’s Center for the Digital Future says. Concerns about credit card security have largely stabilized, with 57% very or extremely concerned in 2007. It was 53% in 2006. As of 2007, 67% of adult Internet users shop online, compared with just half a year earlier. Most spend $100 or less a month, and two-thirds of online shoppers have reduced buying at brick-and-mortar stores. Online parents are more likely than ever to withhold Internet use as punishment – 62% in 2007, compared with 47% a year earlier and 32% in 2000.
57% of U.S. adults are concerned about being a victim of identity theft during the holiday season, and 66% believe they are more at risk when making purchases online, according to National Association of Insurance Commissioners. 32% of consumers were victims or knew someone who had been a victim of identity theft in the past five years, according to the survey of 500 adults, age 18 and older. Of those consumers, 46% said the identity theft exceeded $1,000.
Phishing attacks in the United States soared in 2007 as $3.2 bln was lost to these attacks, according to Gartner. 3.6 mln adults lost money in phishing attacks in the 12 months ending in August 2007, as compared with the 2.3 mln who did so the year before. Of consumers who received phishing e-mails in 2007, 3.3% say they lost money because of the attack, compared with 2.3% who lost money in 2006, and 2.9% who did so in 2005. The average dollar loss per incident declined to $886 from $1,244 lost on average in 2006 (with a median loss of $200 in 2007), but because there were more victims, $3.2 bln was lost to phishing in 2007, according to surveyed consumers. Some 1.6 mln adults recovered about 64% of their losses in 2007, up from the 54% that 1.5 mln adults recovered in 2006.
More than $3 bln was lost due to phishing attacks in 2007, according to Gartner. Between August 2006 and August 2007, 3.6 mln adults lost $3.2 bln due to phishing attacks. About 2.3 mln people were hit with phishing attacks in 2006.
4% of American adults were victims of identity theft in 2005, but half of them did not incur any out-of-pocket expenses, FTC said. Identity information was stolen from 8.3 mln US adults and most commonly used to access or open accounts for credit cards, bank checking, telephone service, e-mail, and medical insurance.
US-based Web surfers are more at risk to malware attacks and online identity theft schemes than citizens from other countries, with more than 63% of malware distributed on US-based Web sites. In addition more than 2 mln URLs world-wide distributed malicious downloads to site visitors. Cyveillance also determined that despite the rate of traditional phishing attacks leveling off, there was a 20% increase in the aggregate quantity of brands targeted, indicating that phishers continue to change targets. China and the United States host 60% of sites where malware binaries are stored, while 63% of the sites being used to attract and distribute malware are hosted in the United States. The United States also hosts over 50% of the world?s malware drop sites, which collect information from infected computers that use keyloggers, screen scrapers and other approaches to passively harvest sensitive personal information.
77% of consumers intend to stop shopping at merchants that suffer from data breaches, Javelin Strategy & Research says. Retailers and merchants are viewed by 63% of consumers as the least secure when protecting consumer?s data, compared with processors (16%), card networks like Visa or MasterCard (5%) and issuers (5%). When little is known about a data breach, half of all consumers automatically consider the merchants where they shop to be at fault. However, 85% will reward merchants who are perceived as security leaders with increased purchases.
Approximately 500,000 fewer adults in the United States fell victim to identity fraud in 2006 than in 2005. Of America’s overall adult population, 3.7% were victims, as compared to 4.0% in 2005. This demonstrates a continued year-over-year decrease since data was first collected in 2003 when 4.7% of the adult population was victimized. In terms of total dollars, identity fraud in 2007’s report dropped by an estimated 12% over the previous year, from $55.7 bln to $49.3 bln. New account fraud dropped from 1.5% of all respondents in 2006 to one% in 2007. When fraudulent accounts are opened, many victims caught the fraud more quickly utilizing online channels, such as the viewing of statements, resulting in average fraud amounts dropping from more than $10,000 in 2006 to $7,260 on average in 2007.
The overall adult population of the United States reported a fraud rate of 3.7%. Younger adults between 18 and 24 reported a much greater incident rate of 5.3%. Additionally, more than half of these victims reported knowing their perpetrators, which could include friends, neighbors or in-home employees, as compared to just 23% of overall respondents, Javelin says
For the seventh year in a row, identity theft tops the list, accounting for 36 percent of the 674,354 complaints received between January 1 and December 31, 2006.
|Top complaints to FTC in 2006|
|Internet Services and
|Foreign Money Offers||20,411||3%|
|Advance-Fee Loans and
|Business Opportunities and
|Employment Agencies, Job
Counselors, Overseas Work
|Other Coded Complaints||12,399||2%|
Americans lost about $49.3 bln in 2006 to criminals who stole their identities, an 11.5% decline from $55.7 bln in 2005, Javelin Strategy & Research reported. The average identity theft fraud fell 9% to $5,720 from $6,278.
The average loss per phishing attack was $1,244 in 2006, up from $256 in 2005. Gartner estimates that the total financial losses attributable to phishing will total $2.8 bln in 2006. In 2005, 80% of victims got their money back. In 2006 that number dropped to 54%. Gartner estimates that 3.5 mln Americans will give up sensitive information to phishers in 2006, up from an estimated 1.9 mln in 2005.