Online Fraud: RSA on Phishing-Related Losses
- EMC’s Security Division, RSA, praises its RSA FraudAction service and claims it has managed to shut down 500,000 online attacks on behalf of its customers, thus allowing them to avoid assessed 7.5 billion dollars losses.
- RSA FraudAction is mainly intended for the banking and e-commerce sectors. This 24/7 fraud detection and alert service focuses on preventing phishing and pharming attacks as well as helping companies avoid Trojan horses. It includes the Anti-Fraud Command Center, a research team working on fraudulent websites takedown and countermeasures deployments. According to recently released RSA FraudAction Research Lab’s assessments, between June 2010 and June 2011, phishing-related losses have reached one billion dollars, with the US and UK being the most affected countries.
- As the e-commerce and e-banking sectors are making progress worldwide, RSA also reminds that phishing-related threats are subsequently increasing too and insists that opting for appropriate protection measures is an actual need.
- Information gathered by the Anti-Phishing Working Group in the first half 2011 shows that the number of phishing attacks worldwide has doubled when compared with the first half 2010 (from 48,244 to 115,472).
Source: Anti-Phishing Working Group, Global Phishing Survey: Trends and Domain Name Use in 1H2011
January-June 2011 – Released November 2011
- Furthermore, this report also focuses on the situation in China where attacks are conducted inside the country against its own citizens. During the first semester 2011, these cases have increased by 44% (vs. half one 2010). 36 institutions have been affected, including banks. Also, 88% of the attacks targeted the Alibaba group-operated e commerce platform, Taobao.com: the favoured target worldwide after PayPal.
- Avivah Litan, Vice President and Distinguished Analyst at Gartner, however explains that:
Web fraud detection and takedown services have proven to significantly help reduce the lifespan of these attacks which helps minimize the potential of financial loss for targeted organizations and to reduce the distribution and potency of the malware that is typically used in these attacks to infect end users and harvest information such as log-in credentials and other sensitive data.