Spam Fraud Down, Targeted Phishing Attacks Up 400%, Cisco Analysis Finds

In an analysis of e-mail-based fraud released yesterday, network giant Cisco quantified what newspaper headlines over the past year have made clear: cyberfraud has shifted from mass, generalized attacks to very specific spearphishing hits that harness stolen user information to dupe unwitting consumers (such as bank customers and cardholders) into divulging account information.

Classic e-mail fraud is down. Cisco says the overall volume of spam has dropped from 300 billion e-mails in June 2010 to 40 billion in June 2011. The money cybercriminals make from mass e-mail-based attacks has declined more than 50 percent from $1.1 billion to $500 million in that same timeframe.

But targeted, malicious attacks, which often involve the theft of e-mail addresses and account information—this is what has made data breaches such as Epsilon’s and Citi’s so devastating—have grown. “By using more personalization tools, the user conversion rates for the better-crafted scams and malicious attacks have increased significantly in the last year,” the Cisco report states. “In addition, the average user loss caused by the malware or scam employed has increased because of the information shared.” The amount fraudsters make from such targeted attacks has grown from $50 million to $200 million over the past year.

The Cisco report also points out that the hit to an organization’s reputation is far greater than the direct monetary losses it typically suffers through cyberfraud. The analysis estimates that the reputation cost per infected user is $1,900, or 6.4 times that of the direct monetary loss.

The study can be found here.

This article originally appeared on SourceMedia's Bank Technology News site.