And on that I disagree..
Losses keep escalating over the years.. The IT bank peps are behind the power curve and much of it really goes unreported as individual banks struggle for competition. Friend in the business told me it is embarrassing.
The cost of phishingPhishing FAQs
The cost of phishing
»www.brandprotect.com/catching-a- ··· ish.html
Damage caused by phishing
The damage caused by phishing ranges from denial of access to e-mail to substantial financial loss. It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. United States businesses lose an estimated US$2 billion per year as their clients become victims. In 2007, phishing attacks escalated. 3.6 million adults lost US$3.2 billion in the 12 months ending in August 2007. Microsoft claims these estimates are grossly exaggerated and puts the annual phishing loss in the US at US$60 million. In the United Kingdom losses from web banking fraudmostly from phishingalmost doubled to GB£23.2m in 2005, from GB£12.2m in 2004, while 1 in 20 computer users claimed to have lost out to phishing in 2005.
The stance adopted by the UK banking body APACS is that "customers must also take sensible precautions ... so that they are not vulnerable to the criminal." Similarly, when the first spate of phishing attacks hit the Irish Republic's banking sector in September 2006, the Bank of Ireland initially refused to cover losses suffered by its customers (and it still insists that its policy is not to do so), although losses to the tune of 11,300 were made good.
But back to this "possible" particular attack vector when added to a badboy kit out there and perfected..I think 10% of the people that would test it not knowing what it would do..would do the clicks and input the info.
I see it as a technical vulnerability coupled with the fact the most people that do on-line banking on all devices ..not just PC at home..are not that tech savy..they just want to do the deed and get on with their lives.
My hope is that all browsers..on all devices "out of the box" have a way to stop it without third party proggies.
Back in 2010..
The rise of Zeus is an alarming development, as Zeus is particularly resistant to detection. According to a recent study by Trusteer involving 10,000 computers, 55 percent could not find and remove Zeus, even though they were equipped with the latest updates of their security and antivirus software.
Traditional bank phishing now comprises about 50 percent of overall phishing, down from almost 60 percent in Q2 2009.
»www.securityweek.com/cybercrimin ··· us-rises
Phishing attacks as a whole increased 86 percent across the world.
India bands saw a huge increase. The jump from May to April was 187 percent, with every attacked brand being from the banking sector.
»www.proofpoint.com/about-us/secu ··· 00806760
Zeus is not dead and now you have Citadel and Gameover. Christmas is coming..hang on to your short. Citadel is "sold" with support. They don't just sell the trojan.
»www.bankinfosecurity.com/citadel ··· 085/op-1
Gameover is just plain nasty.--
Gladiator Security Forum