Increasing reports of lost consumer data files and disclosures of unauthorized access to sensitive personal data are taking a toll on consumers' confidence in online commerce, according to Gartner.

A Gartner survey of 5,000 US adults showed that phishing attacks grew at double-digit rates last year in the US.

Phishing is the act of sending an email to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The email directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information.

In the 12 months ending in May 2005, an estimated 73 million US adults who use the Internet said they definitely, or think that, they received an average of more than 50 phishing emails in the past year.

The number of consumers receiving phishing attack emails increased by 28 per cent in the 12 months ended in May 2005 compared with the 12 months ended in April 2004, according to the Gartner data.

Stolen money

In last year's survey, an estimated 57 million US adults reported that they definitely, or think, that they received a phishing attack email. In both surveys, 5,000 participants were selected to match demographic characteristics of the US online population.

The survey found that 2.4 million online consumers reported losing money directly because of the phishing attacks. Of these, approximately 1.2 million consumers lost $929 million during the year preceding the survey. Survey participants indicated that most of the money stolen was repaid by banks and credit cards.

Gartner analysts said most online consumers do not open email from companies or individuals they do not know from prior experience. Three of every four online shoppers said they are more cautious about where they buy goods online, and one of three report buying fewer items than they otherwise would because of security concerns.

"Companies need to take steps quickly to beef up online security," says Avivah Litan, vice-president and research director at Gartner. "We are seeing unprecedented levels in consumer transactions online. Yet businesses cannot rely on the Internet to lower costs and improve marketing efforts indefinitely if consumer trust continues to decline."

Serious implications

More than 80 per cent of US online consumers said their concerns about online attacks have affected their trust in email from companies or individuals they do not know personally. Of these consumers, more than 85 per cent delete suspect email without opening it.

"This figure has serious implications for banks and other companies that want to use the email channel to communicate more cost-effectively with their customer base," Litan says.

"For example, a bill sent electronically costs about half of what a bill costs when sent through regular mail."

Phishing attacks are not slowing down. More than 40 per cent of the adults who received phishing attack emails received them in the two weeks preceding the survey; another 23 per cent of respondents said they received these emails two weeks before that – so more than 63 per cent of consumers who received one of these emails did so in the month prior to the survey.

"In general, consumers expect companies they do business with to provide secure online communications and to protect consumer data from thieves at no additional cost to consumers," Litan says.

"They want guarantees – authentication – from merchants and other businesses that their Web sites are genuine. Consumers want this reaffirmed every time they go online."

undetected access

Approximately 77 per cent of online Americans shopped online in the 12 months ended in May 2005, according to Gartner. An estimated 73 per cent of respondents regularly logged on to banking accounts and 63 per cent paid bills online.

"While online banking customers continue to access bank accounts over the Internet, they are changing their usage patterns," Litan says.

"Nearly 30 per cent of the online bankers say that online attacks have influenced their online banking activities. Over three-quarters of this group log in less frequently, and nearly 14 per cent of them have stopped paying bills via online banking."

In the survey, nearly twice as many consumers said they worry more about thieves getting undetected access to private credit reports and other sensitive financial data than defending against phishing attacks.