According to Trusteer's 3-month research project involving 10 banks, only 0.47% of a bank's customers actually fall for an apparently bank-branded phishing scam.
That's enough. Enough, in fact, to generate bank phishing revenues in the millions. The average bank customer who clicks on a phish-link and gives up account information loses $2,000.
What's most frightening about the report is that despite the low overall percentage of customers who click on a phish-link, a high percentage of those customers do give up their log-in info: as high as 45%, according to Trusteer.
No wonder there are so many bank-phishing mails: low overall response is more than offset by a stunning payoff from those who do fall for the scam.
One can take some comfort in the low overall response figures, but the high percentage of those who do fall for phishing scams falling all the way is as discomfiting a statistic as I've seen lately.