Fans of the venerable Monty Python and the Holy Grail will undoubtedly remember the classic scene at the Bridge of Death, when the bridgekeeper confronts the knights of Camelot with three questions each. Brave Sir Galahad, of course, can’t get it straight when the old man asks him, “What is your favorite color?” Sir Galahad answers, “Blue…no! Yelloooooww!” and is surreptitiously tossed into the Chasm of Death. Funny stuff, right? Not so funny is the current state of phishing – similar to Sir Galahad, the IT industry can’t seem to get it right when it comes to the financial impact of phishing, and this week, we call them out for it.
We all know that somewhere, somehow, spam sucks in someone for some serious shekels (bet you can’t guess that I’m a fan of alliteration!). It’s been a sad fact of life in the modern era for as long as email has been around. As you read this, some poor, unsuspecting schmuck who doesn’t understand technology well enough is about to click a link that represents the gateway to financial doom and destitution; and before you don your fluffy bunny (or, in my case, Spiderman) pajamas tonight, drink your glass of warm milk (or pop an Ambien) and tuck yourself into your feather (race car) bed, an inconceivable host of naïve web surfers will have somehow compromised their safety, all from the perceived safety of the walls of their own homes.
But is that host of patsies innumerable? Some might think so, but just how far off are the estimates of the untold wealth being bilked from honest citizens? How much money are the creeps who phish really getting away with?
“I Don’t Get It, and I Don’t Care”
An eye-opening article by Terry Zink uncovers some uncomfortable truths about the understanding that we have of this modern-day plague, and it brings to bear an accusatory finger which points squarely at the heart of the problem. It ain’t pretty, either, because the true criminal in the ongoing war is apathy. Zink points out that the huge black eye suffered this week by UBS is an example of how law enforcement excels at bringing down white collar criminals; but the other ‘white collar criminals’ – spammers and phishers – go largely unidentified and unprosecuted. Zink points out that “phishers and scammers get away with it because they can: nobody goes after them, and when they do it is extremely rare.”
“I Can Tell You, but You Won’t Like It”
He backs it up with some pretty compelling evidence, too. According to multiple, reliable sources, the financial impact of phishing scams looks like a shopping list made by someone with Multiple Personality Disorder:
- $3.2 billion in 2007 according to Gartner
- $137 million in 2004 according to TRUSTean
- $60 million in 2008 according to Microsoft
- $500 million in 2004 according to the Ponemon Institute
- Not even in the top 5 threats according to PayPal
- $100 million in losses according to the FBI
- $250 million per year over the past couple of years according to Consumer Reports
- $2.3 million per one million customers of banks according to Trusteer
As Zink points out, the disparity between these numbers is not only glaring, it’s downright distressing. The only takeaway from these numbers is that no one really understands how big this problem is.
“Get Your Act Together”
Zink contends that no one has really conducted a good study of the financial impact of phishing scams, and while that may be true, there are also other considerations. Some people who get scammed never report it, perhaps because they’re too embarrassed to tell anyone. Corporations normally remain tight-lipped when they’ve been successfully scammed, because that kind of news breeds investor and consumer apprehension. But the malaise which threatens us every day from within the confines of our inboxes grows like a festering wound, and the only way to combat it is to find some sort of solidarity amongst those of us who wish to stamp out the insects.
In short, if we don’t want to be tossed into the Chasm of Death, then we had better get our act together and come up with a response that will ensure our safe passage. That’s why this week, I’m calling out those groups above, and others not listed in that group (beginning but not ending with law enforcement), who can’t seem to get their story straight and don’t seem motivated to understand what we’re up against. Fix the problem, or remain part of it.
Now, for an Ambien and a good night’s sleep in my race car.