Using crypto against Phishing, Spoofing and Spamming...
Ian Grigg
iang at systemics.com
Sat Jul 17 13:51:34 EDT 2004
> At 10:46 AM 7/10/2004, Florian Weimer wrote:
>
>> But is it so harmful? How much money is lost in a typical phishing
>> attack against a large US bank, or PayPal? (I mean direct losses due
>> to partially rolled back transactions, not indirect losses because of
>> bad press or customer feeling insecure.)

I estimated phishing losses about a month ago at about
a GigaBuck.

http://www.financialcryptography.com/mt/archives/000159.html

You'll also see two other numbers in that blog entry,
being $5 billion and $400 million (the latter taken
from Lynn's posted articles).

Of course these figures are very delicate, so we need
to wait a bit to get the real damage with any degree
of reliability. Scientific skepticism should abound.

Notwithstanding that, I would suggest that the money
already lost is in excess of the amount paid out to
Certificate Authorities for secure ecommerce certificates
(somewhere around $100 million I guess) to date. As
predicted, the CA-signed certificate missed the mark,
secure browsing is not secure, and the continued
resistance against revision of the browser's useless
padlock display is the barrier to addressing phishing.

iang
---------------------------------------------------------------------
The Cryptography Mailing List