Phishing is fastest growing form of consumer theft

Illegal access to bank accounts, often gained via technology-borne schemes such as "phishing," has grown into the fastest growing form of consumer theft in the US, according to Gartner.

Gartner's numbers show roughly 1.98 million people reported their checking accounts were breached in some way during the last year. Crimes such as phishing, whereby criminals use misleading email and websites to dupe individuals into sharing personal data like passwords, accounted for a staggering $2.4bn in fraud, or an average of $1,200 per victim, during the last 12 months.

The latest numbers confirm a report published by Gartner in May that highlighted the rapid growth of the phishing phenomenon. In that study, the research company concluded 57 million consumers in the US had received a phishing email during the prior year. One of the most common phishing campaigns being waged has targeted users of web auction giant eBay and its PayPal payment-services division, with financial services giant Citibank serving as another popular target.

Avivah Litan, the Gartner analyst who conducted the new research, said phishing is not the only major security problem opening consumers to possible crimes.

The analyst believes that so-called keystroke logging, or the practice of using spyware to record all the characters a computer user types into his machine, is also growing rapidly. Security software company Webroot claims its own research shows that nearly one in every three PCs harbours some kind of keystroke-logging software.

"There are great controls for other types of fraud at the banks, and credit card companies are very good at keeping an eye out for improper behavior, but there is no way to directly address phishing or keyboard logging as of yet," Litan said. "Someone needs to introduce the kind of back-end software necessary for preventing this sort of activity; that would make a difference."

As the online banking, shopping and payment industries have grown, so too have the methods used by thieves to trick unsuspecting consumers into giving away password and account data. Those most often targeted are people who have just begun to utilise online accounts to do business. Gartner reported that of the four million consumers who encountered fraud last year when opening a new online account, approximately half said they also received a phishing email.

Gartner said that bank account attacks ranked second only to physical credit card thefts in its study, which polled 5,000 people and was based on a 12-month period ending in April 2004. The research examined five types of consumer fraud: new account fraud, check forgery, unauthorised access to checking accounts, illegal credit card purchases and fraudulent cash advances on credit cards.

Litan said technology offers an attractive vehicle for criminals, because it allows them to ply their illegal trades without ever encountering their victims in person.

"The solution is in building stronger consumer authentication tools, in order to help service providers like banks build tighter links with consumers," Litan said. "We need Caller ID for the internet."

The analyst, who said she endured her own brush with criminals when someone stole her personal information and used it to make purchases on a debit card, suggested that a simple way for companies to create safer bonds with customers is to require that they answer multiple questions when logging into a site.

In addition to phishing e-mail campaigns, spyware launched via pop-up advertisements or Web sites also remains a serious threat. For instance, an Internet surfer tricked into visiting a certain Web site laced with spyware, or software that gathers information about people without their knowledge, can then have that person's password or verification information tracked and stolen.

Matt Hines writes for CNET News.com