STAMFORD, Conn.–(BUSINESS WIRE)–June 23, 2005–Increasing reports of lost consumer
data files and disclosures of unauthorized access to sensitive personal data are
taking a toll on consumers’ confidence in online commerce, according to Gartner
Inc., the world’s largest technology research and advisory firm.
A Gartner survey of 5,000 U.S. adults showed that phishing attacks grew at double-digit
rates last year in the United States. In the twelve months ending in May 2005,
an estimated 73 million U.S. adults who use the Internet said they definitely,
or think, they received an average of more than 50 phishing e-mails in the past
The number of consumers receiving phishing attack e-mails increased 28 percent
in the 12 months ended in May 2005 compared with 12 months ended in April 2004,
according to the Gartner data. In last year’s survey, an estimated 57 million
U.S. adults reported that they definitely, or think, they received a phishing
attack email. In both surveys, 5,000 participants were selected to match demographic
characteristics of the U.S. online population.
2.4 million online consumers report losing money directly because of the phishing
attacks. Of these, approximately 1.2 million consumers lost $929 million during
the year preceding the survey. Survey participants indicated most of the money
stolen was repaid by banks and credit cards.
Impact on Consumer Trust
Gartner analysts said most online consumers do not open e-mail from companies
or individuals they do not know from prior experience. Three of every four online
shoppers said they are more cautious about where they buy goods online, and
one of three report buying fewer items than they otherwise would because of
”Companies need to take steps quickly to beef up online security,”
said Avivah Litan, vice president and research director at Gartner. ”We
are seeing unprecedented levels in consumer transactions online. Yet businesses
cannot rely on the Internet to lower costs and improve marketing efforts indefinitely
if consumer trust continues to decline.”
More than 80 percent of U.S. online consumers said their concerns about online
attacks have affected their trust in e-mail from companies or individuals they
don’t know personally. Of these consumers, more than 85 percent delete suspect
e-mail without opening it.
”This figure has serious implications for banks and other companies that
want to use the e-mail channel to communicate more cost-effectively with their
customer base,” Ms. Litan said. ”For example, a bill sent electronically
costs about half of what a bill costs when sent through regular mail.”
Phishing attacks are not slowing down. More than 40 percent of the adults who
received phishing attack e-mails received them in the two weeks preceding the
survey; another 23 percent of respondents said they received these e-mails two
weeks before that – so more than 63 percent of consumers who received one of
these e-mails did so in the month prior to the survey.
”In general, consumers expect companies they do business with to provide
secure online communications and to protect consumer data from thieves at no
additional cost to consumers,” Ms. Litan said. ”They want guarantees
– authentication – from merchants and other businesses that their Web sites
are genuine. Consumers want this reaffirmed every time they go online.”
Implications for Online Banking
Approximately 77 percent of online Americans shopped online in the 12 months
ended in May 2005, according to Gartner. An estimated 73 percent of respondents
regularly logged on to banking accounts and 63 percent paid bills online.
”While online banking customers continue to access bank accounts over
the Internet, they are changing their usage patterns,” Ms. Litan said.
”Nearly 30 percent of the online bankers say that online attacks have influenced
their online banking activities. Over three-quarters of this group log in less
frequently, and nearly 14 percent of them have stopped paying bills via online
In the survey, nearly twice as many consumers said they worry more about thieves
getting undetected access to private credit reports and other sensitive financial
data than defending against phishing attacks.
Consumer Response to Government Action
The U.S. government recently mandated that consumers be given unlimited free
access to their credit reports by September. The goal is to make it easier for
consumers to monitor any unauthorized requests for credit. Yet few consumers
believe the step will be ”extremely effective” in shielding them from
identity-theft schemes, according to the survey. In contrast, nearly one third
are ”extremely concerned” that they will suffer some type of identity
theft fraud due to unauthorized access to their data.
Phishing occurs when a cyber thief sends an e-mail with a link to a false Web
site. The false sites typically are disguised to look like sites of banks or
well-known e-commerce merchants. Recipients of these e-mail attacks are asked
to provide personal account information.
Gartner, Inc. (NYSE: IT and ITB) is the leading provider of research
and analysis on the global information technology industry. Gartner serves more
than 10,000 clients, including chief information officers and other senior IT
executives in corporations and government agencies, as well as technology companies
and the investment community. The Company focuses on delivering objective, in-depth
analysis and actionable advice to enable clients to make more informed business
and technology decisions. The Company’s businesses consist of Research and Events
for IT professionals; Gartner Executive Programs, membership programs and peer
networking services; and Gartner Consulting, customized engagements with a specific
emphasis on outsourcing and IT management. Founded in 1979, Gartner is headquartered
in Stamford, Connecticut, and has over 3,900 associates, including more than
1,100 research analysts and consultants, in more than 75 locations worldwide.
For more information, visit www.gartner.com.