RSA: Phishing Cost $687 Million in the First Half of 2012

If you’re trying to convince your boss to open up the purse strings for your anti-spam footprint, you’re going to need numbers. Let’s face it: you’re not going to convince the boss with vague claims like “spam costs a lot of money!” Whether you plan on upgrading your software solution or improve your training process, you need to justify the budgetary spend. Fortunately, if there’s one thing the security industry is good at doing, it’s coming up with numbers.

The numbers don’t always agree with each other, but when drilling down into the research methods used, you can usually find a common theme and a ring of truth. That’s especially true for reports from firms that specialize in security. For example, the security firm RSA presented the results of its study on the first half of 2012 this week, and interestingly enough, the article posted on RSA’s blog points the finger squarely at phishing.

The article, entitled Phishing in Season: A Look at Online Fraud in 2012, doesn’t waste any time getting to the point: “Compared with H2 2011, end of June numbers show a 19% increase as phishers heavily target the UK, U.S. and Canada – and their associated brands – with the same old online trickery that continues to plague the world.” Now, 19% may not sound significant all on its own, but when combined with a dollar figure, it becomes the stuff that opens a boss’ wallet. According to RSA, the estimated losses due to phishing attacks in the first half of 2012 is $687 million US.

RSA notes that the “number was calculated using a lower attack uptime median and yet, it marks a 32% increase in losses when compared with last year’s equivalent (1H2011), and a slight decrease when compared with 2H2011.” RSA also pointed out findings from the Anti-Phishing Working Group, which found that the uptime of attacks were down from 15.3 hours per attack to 11.72 hours per attack, suggesting that each instance of a successful phishing scheme yielded less money for the cyber crooks. However, overall attacks were up, and that means everyone needs to be a little more mindful of the dangers of wily phishermen.

RSA also notes that the same short list of target countries remains unchanged, with the UK, US, Canada, Brazil, and South Africa topping the list of countries attacked by phishing schemes. RSA also points out that some countries revealed dramatic increases in phishing attacks during the first half of 2012. In Canada, phishing schemes were up a whopping 400%, an increase which is probably due to Canada’s economic stability and the near one-to-one ratio between the Canadian and US dollars. As RSA points out in the article, the fraudsters do love to follow the money.

Perhaps it’s just the accounting side of the war on spam, but researchers just love to apply numbers to the pesky stuff.  RSA takes it one step further, though, and gets philosophical about the state of phishing in the world today. Phishing has been around for 16 years now – it seems like forever – and it still represents one of the top threats circulating the Internet today.

Why? asks RSA. “At the core of this seemingly simple threat,” they answer, “lies a powerful force– human emotion. Although phishing is a 21st century crime, manipulation, deceit and persuasion are not. “ The social engineering component of phishing continues to be a successful method for getting users to give up their personal information. When people act by feeling rather than acting rationally, they’re more likely to make the mistakes that become a part of that $687 million nugget that keeps phishers coming back for more.

Emotional triggers continue to be a source of success for the cybercrooks, says RSA. “Intended readers have to be convinced that they need to visit the URL for a reason valid and credible enough to cause them to impart their credentials and personal information.” We can’t ignore the key emotional triggers that enable successful phishing – the promise of rewards, plain old human greed, emotional response to false accusations, curiosity, the need to right a perceived wrong, and misplaced trust, are all emotional responses identified by RSA as triggers that line phishers’ pockets.

It’s somewhat odd to regard phishing as a success story that continues to thrive. One might assume that after 16 years and a glut of tombstone data about a scam that, in many ways, is as old as crime, people would know better. But you can’t ignore $687 million in six months.

Time to review that footprint…

Written by Malcolm James

0 Comments

  1. Lisa S. · August 30, 2012

    Yeah, figures convince bosses. Thanks for the data, I will use it. It’s much different when you say a respectable security firm says phishing costs more than $115 million a month, and that this is a lowerish estimate. Many bosses just think all these phishing, spam, scam, etc. stuff is merely a way to pump money for security but when figures speak, this says more to a boss!

  2. Mike Caulter · September 4, 2012

    These days only the crazy bosses, the idiot ones,
    who don’t believe in spam. Most of them fortunately are aware of the problem
    and are desperate for help. However, they don’t have any idea on what to do.
    Hey, even security administrators don’t have the answers either. So I don’t
    expect small-time regular entrepreneurs to have one. But I hope these statistics
    will be a wakeup call for everyone. No one should be foolish these days to
    completely ignore spam. Otherwise, they’re bound to be added to the figures of
    recent victims, and they’re not going to like it one bit.

  3. Steven · September 7, 2012

    Whoa! I did not know spam is that serious! Wow, that is a lot of money, something we desperately need now that the entire world is in recession. What’s the government been doing? I heard the Feds are taking concrete and huge steps on compromises in security certificates, but still I’m not sure if there are any results to the decision. It’s just too sad to realize that nothing—absolutely nothing—can spare us from spam. We simply have to look in our inbox to know this. And the more they come, the more we are exposed to their tricks.

Leave A Reply