Recently, I came across a press release by McAfee citing the results of a “groundbreaking” study that talks about the psychological games played by phishers and email scam artists. The results of the study indicated that “cyber criminals use fear, greed and lust to methodically steal personal and proprietary financial information”. Frankly, I didn’t see anything groundbreaking in those results. Don’t we all know that social engineers (including phishers) have to play with people’s psyches to get them to click on links and submit personal information?
The study did, however, quote some interesting statistics from a 2006 Gartner study:
- Cumulative losses stemming from phishing attacks rose to more than $2.8 billion in 2006 as compared to $137 million in 2004.
- The number of US adults who received phishing emails doubled from 57 million in 2004 to 109 million in 2006.
- The per-victim loss due to phishing increased almost five-fold from $257 in 2004 to $1,244 in 2006.
These numbers beg the question – are we fighting phishing the right way?