Confused consumers who can't tell real electronic shopping Web sites from fake ones might shun holiday shopping online this year, according to a new survey by MailFrontier Inc. In the study, 29 percent of Internet users indicated they would avoid shopping online this holiday season due to the rise of e-mail scams, the company said.
"Phishing," the widespread practice of stealing personal information via e-mail, is a major problem for both consumers and financial institutions. One estimate earlier this year by Gartner analyst Avivah Litan suggested 2 million had fallen for the trick in the prior 12 months, and con artists continue to be more crafty about the way they construct the look-alike e-mails.
Banks are trying to react to the crisis. Citibank has reduced the amount of money it allows customers to transfer out of checking accounts in response to the phishing epidemic. Daily limits on the firms' Global Transfers program, which allows customers to move money to any Citibank account for $5 or $10 per transfer, was reduced to $500 per day and $1,000 per week in October.
"In the current environment, where there is a lot of phishing and potential fraud, we took preventative security measures by reducing the amount that can be sent," said Citibank spokesman Mark Rodgers. "We hope to up those limits again soon. We have been adding security enhancements to the service."
Meanwhile, consumers are spooked by all the phishing, the MailFrontier survey suggests. Anne Bonaparte, CEO of MailFrontier, said she was surprised that nearly one-third of Internet users said they would avoid online shopping because of fraud. That finding appears to conflict with several reports that have indicated online holiday shopping will rise this year. One, published by Jupiter Communications, indicates 86 million Americans will buy gifts online this year, compared to 73 million online shoppers during the 2003 season.
"It's interesting to see consumers becoming more wary ... but we don't predict holiday shopping will decline. We just think phishing will slow the increase," she said.
About 750 million phishing e-mails will be sent between Thanksgiving and Christmas, according to MailFrontier. Another e-mail security firm, Surf Control, said phishing attacks have grown 1,200 percent since last year's holiday season.
"It's much worse this year then last year," said Susan Larson, vice president of global content at Surf Control. The holiday shopping season represents prime hunting season for phishing criminals, she said. Consumers sometimes lower their defenses during the holidays, and with the flurry of shipping confirmation e-mails that will be sent after orders are placed, there's plenty of scam ideas to choose from.
"Phishing is successful when (criminals) take a topical event and then give it a sense of urgency," she said.
An example might be an e-mail that urges consumers to fill out a form lest their package not arrive in time for the holidays.
Another typical scam involves fake "mischarge notices." Such e-mails tell victims that $100 or more has been charged to their credit card, tricking them into following a link to clear up the matter.
“We’re continuing to see a significant impact on consumer behavior due to the rising threat of e-mail phishing scams,” Bonaparte said. “It is imperative that we raise consumer awareness and continue to stay a step ahead with technology advancements so that online communication and e-commerce continues unhindered.”