Bank Phishing: It Doesn't Take Much For Phishers To Take A Lot

Most people ignore -- and, one hopes, delete unopened -- those phishmails that pose as correspondence from legitimate banks. But even a fraction of a percentage of responses generates millions for the crooks.A new report from security firm Trusteer shows just how much money bank phishers can make from a very few pigeons.

How few?

According to Trusteer's 3-month research project involving 10 banks, only 0.47% of a bank's customers actually fall for an apparently bank-branded phishing scam.

That's enough. Enough, in fact, to generate bank phishing revenues in the millions. The average bank customer who clicks on a phish-link and gives up account information loses $2,000.

What's most frightening about the report is that despite the low overall percentage of customers who click on a phish-link, a high percentage of those customers do give up their log-in info: as high as 45%, according to Trusteer.

No wonder there are so many bank-phishing mails: low overall response is more than offset by a stunning payoff from those who do fall for the scam.

One can take some comfort in the low overall response figures, but the high percentage of those who do fall for phishing scams falling all the way is as discomfiting a statistic as I've seen lately.

The complete Trusteer Bank Phishing Attack Report is here.