Slashdot Mirror
3.2 Billion Dollars Lost to Phishing in 2007
mrneutron2003 brings us FastSilicon's summary of a Gartner survey which found that 3.2 billion dollars were lost in 2007 to phishing scams. "Gartner's latest survey into the realm of phishing attacks paints a rather bleak picture for 2007, with a record estimated loss of $3.2 Billion (that's Billion, with a B) U.S. Dollars. Overall loss per incident fell (to $886 from $1,244 lost on average in 2006) but the numbers of individuals who fell victim rose quite sharply from 2.3 Million in 2006 to a staggering 3.6 Million. Though online portals Paypal and eBay remained the most spoofed brands, it appears phishers are getting more creative utilizing fake electronic greetings cards, foreign businesses, and charitable organizations in their attacks on consumers. Furthermore these criminals are increasingly targeting debit card and banking credentials rather than credit cards, because the fraud protection mechanisms there are far weaker, according to a study done at The University of California at Berkeley.
Get yourself a disposable credit "debit" card from any discount store (Wal*Greens, etc). GreenDot is very popular with the black market types. You can even use it on gambling sites, supposedly.
The best part of the disposable cards is that you can cap the spending without fees. If you're buying something for $500, put $500 on it, and don't refill it. A few times a year they have deals where the cards are free as is the first deposit, so pick up a few grand worth of them at various levels and you're set.
From what I know of the people who use them alot (google Rosemont, Illinois), they're also a great way to exchange money without anyone tracking it. Just what I've heard, though.
That all depends on your bank. I got my debit card duplicated and somebody took $500 out of my account. The bank called me up before I even noticed the money was missing. They asked if I made the charge. I said I didn't, and the money was back in my account within 5 days. I had to go down to my local branch and pick up a new debit card, but there was very little trouble on my part. Just as a reference, my bank is TD Canada Trust.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
The reason credit cards are better is because the protections they have are enshrined in law. Debit card fraud protection isn't - it's only between you and your bank. That's where the $50 protection comes in - if your credit card is stolen, you're only responsible for the first $50 used while it was stolen (even if you didn't realize until later). Now, some banks actually make it "no liability" and eat the $50 as well, but like debit cards, that's between you and your bank.
Now, imagine your debit card is stolen (or more commonly, duplicated with information stored from illicit debit machines). As far as your bank is concerned, you've been withdrawing the money as normal.
Finally, consider the illicit charge that happens. With a credit card, the money is the bank's (or Visa/Mastercard/Amex/etc) money. They will lean on the merchant to offer proof that you made the transaction (hence the little credit card slip you sign), since that's a contract. If not, they take the money from the merchant and reimburse you.
Now try a debit card. The bank can't tell that it wasn't you that made the trasaction. In fact, it could be you trying to scam free money off the bank. All the bank has is a record that your card was used to withdraw cash from your account (your money) that you claim you never withdrew.
This should be a call for better debit card security, but until then, proving you didn't take your money is a lot harder than having the merchant prove you did make the purchase. Since it's not the bank's money, they can investigate as long as they like, while you're out of the money for the duration. Now some banks may offer cardholder services that make it similar to credit card in protection, but they don't have to. (A more practical aspect - if your credit card was used illicitly, you're not out the money immediately, so you can sustain yourself. If your debit card was used illicitly, you're out the cash until your bank refunds it. This can mean not having money for food and shelter...)
Just FYI - the signature on the back of your credit card is used to indicate that you agree to the cardholder's agreement. It is not, and should not, be used as a signature reference. That slip you sign is a contract saying you will pay the amount shown as per the cardholder's agreement (which your signature on the card verifies). Thus, "Check ID" is not a valid signature on the card, and the store is right in refusing your card since you technically did not agree to the terms of your cardholder agreement (which naturally includes stuff like paying back the money you borrowed!). The cashier, unless they are trained in handwriting analysis, can't really compare signatures (and shouldn't). They can do a quick verification to make sure that you're not playing games, but that's about it.
Stores that tend to attract a lot of fraudulent activity may request ID, though.
It's also why e-commerce is slightly more vulnerable to credit card
Email Address: Raymond.A.Carnine@dodgit.com,
Slashdot password is: "imFishingYouberleethaxors"
Visa: 4916 7995 1982 5659
Expires: 5/2008
oh, and you may need this: SSN: 381-80-6521
Thanks!!!!
Raymond A. Carnine
4882 Prudence Street
Farmington Hills, MI 48335
Actually, I would say that it is quite a bit different. A fool might be duped into believing the sales pitch of enlargement pills or that a Nigerian prince can't find anyone to accept money, but the point of phishing is to establish a false sense of security where the victim believes they're dealing with a secure, reputable business - usually one where they already have a solid relationship. I can see a lot of people falling for well-designed, sophisticated phishing attacks.
This space intentionally left blank.
for anyone else thats fed up of this guy - this greasemonkey script shows the actual tinyurl destination in the tooltip when you hover over it.
and if you dont want to run greasemonkey directly - convert it into a standalone firefox extension
Hmmm now you have me thinking. I've had 2 banks where this happened to me. Actually, no, a bank and a credit union. The Bank gave me a HUGE hassle, I'd purchased a few things online in the months before and then over a 2 day period someone with my card number purchased over 800$ worth of things online. They never called me, I had to call my bank on it. They made me pay for a replacement card and ALMOST had me convinced that I had to buy some sort of insurance if I wanted to get reimbursed (scammy, eh?) Turns out the insurance isn't mandatory, it's just like a VIP club for those who apparently have this happen to them often.
The Credit Union? They called me, they stopped my card instantly, they sent me a new one (I just had to fax my signature.) They even opened a police report in L.A. where the perp lived (dumbass used the number to buy gas in a few different stations.)
He was never caught but let's just say the bank no longer has my business.