A new study by research firm, Gartner, has found that the number of online scams known as phishing attacks has spiked in the past year and that online consumers are frequently tricked into divulging sensitive information to criminals.
The study, which ended in April 2004, surveyed 5000 adult Internet users and found that about three per cent of those surveyed reported giving up personal financial or personal information after being drawn into a phishing scam, which uses email messages and Web pages designed to look like correspondence from legitimate online businesses.
The results suggest that as many as 30 million adults have experienced a phishing attack and that 1.78 million adults could have fallen victim to the scams, Gartner said.
Phishing attacks typically begin with email messages purporting to come from established companies such as eBay, Best Buy, Citigroup and others.
Web page links within the email messages direct recipients to websites disguised as official company Web pages where the recipient is asked to enter personal information such as their account number, password or credit card information.
The US federal authorities and leading Internet service providers (ISPs) such as AOL, EarthLink and Microsoft have taken a more aggressive stance on the scams.
In March, the US Federal Trade Commission and the US Department of Justice (DOJ) moved to stop a phishing scam that had tricked hundreds of Internet users into giving credit card and bank account numbers to Web sites that looked like those of AOL and PayPal, part of eBay.
The FTC charged Zachary Keith Hill of Houston with deceptive and unfair practices in that case, and the DOJ named Hill as a defendant in a criminal case it filed in Virginia.
Long a nuisance, phishing scams had increased in number dramatically in the past year, Gartner said. The survey results suggest that 76 per cent of all known or suspected phishing attacks occurred in the last six months, and 92 per cent of known attacks happened in the 12 months preceding the study.
A success rate of three per cent was enough to encourage further attacks, Gartner said.
ISPs needed to address the phishing problem to prevent the Internet and email from being discredited as a medium for customer transactions, it said.