Computer Crime Research Center

etc/mishen.jpg

ID theft shows growth trends

Date: June 23, 2005
Source: MSNBC News
By: Bob Sullivan

Overwhelmed by a flood of bad ID theft news, consumers in search of a raft say the government isn’t doing enough to protect them.

In one of the most extensive studies yet on consumer attitudes about identity theft, Gartner Inc. found that about half those polled either weren’t aware they were entitled to a free credit report or considered them “not effective” in fighting ID theft. The survey, released Thursday, also found that one-third of consumers are "very concerned" about being victims of identity theft, and nearly half are altering their online activities as a result.

Gartner researcher Avivah Litan, who led the study, said the survey results also suggested that more than 1 million consumers have been tricked into divulging their personal information to senders of so-called phishing e-mails, with financial losses totaling nearly $1 billion.

Gartner conducted the survey of 5,000 U.S. adults in May, during the thick of a series of announcements revealing massive theft and loss of consumer data by major U.S. firms such as ChoicePoint, LexisNexis and Bank of America. The survey has a margin of error of plus or minus 3 percentage points.

Identity anxiety is also hampering e-commerce growth, the study found. Forty-two percent of respondents said worries about phishing, data losses, and spyware are affecting their online shopping habits. These findings parallel those of another study released last week by the Cyber Security Industry Alliance.

"Consumers are really getting scared, and they don't think their government is protecting them," said Litan, who authored a similar study one year ago. This year's study was conducted before the announcement of recent data loss incidents affecting millions of consumers by CitiCorp and MasterCard. "I think it would be even worse now," she said.

The study was released a day after yet another identity theft measure was to be introduced in Congress. Sens. Arlen Specter, R-Pa., and Patrick Leahy, D-Vt., planned to introduce legislation Wednesday that would make it a crime for companies to fail to disclose the theft or loss of consumers' personal data.

Joanne Crane, who heads the Federal Trade Commission's identity theft group, said she understands why consumer concerns are heightened now, with all the recent news surrounding data leaks. In all, some 50 million consumer records were put at risk by the reported incidents. But Crane said she believes similar leaks had been happening for years The recent news is really the result of compliance with a state law in California requiring disclosure of data losses, she said.

"Business record theft, as we call it, has always been the 800-pound gorilla in the middle of the room that no one was ... able to talk about," Crane said. "But I don't think consumers need to feel more at risk now then they were before."

Phishing still on the rise
But the risks are rising, Litan's study found, with phishing attempts growing at a steep rate. Extrapolating from the survey data, Litan estimated that almost 73 million of the 148 million U.S. adults now online have received at least one phishing e-mail, up 28 percent in the past year. About two-thirds of those who said they'd received such e-mail said they'd been "phished" in the prior month.

The attacks continue because they work, Litan said.

Using those surveyed as a sample, Litan estimated that 1.2 million Internet users believe they have divulged their personal information to criminals, who eventually managed to steal $929 million from those consumers' accounts in the past 12 months. And those figures are probably low, Litan said.

"Financial losses and numbers of victims this year are likely to be higher than the numbers reported here, which are based on what consumers think they know about the attacks," the report says. About 87 percent of the money was refunded to consumers by banks, making phishing a costly problem for financial institutions.

The phishing problem creates other headaches for companies, too, the study found. More than 80 percent of consumers say they are reluctant to trust e-mail communications from any company as a result of the confusion caused by phishing.

The research also examined spyware, revealing that 46 percent of all consumers say they've spotted some kind of malicious software on their desktop.
Add comment  Email to a Friend

Copyright © 2001-2024 Computer Crime Research Center
CCRC logo