At 10:46 AM 7/10/2004, Florian Weimer wrote:
> But is it so harmful? How much money is lost in a typical phishing attack against a large US bank, or PayPal? (I mean direct losses due to partially rolled back transactions, not indirect losses because of bad press or customers feeling insecure.)
I estimated phishing losses about a month ago at about a GigaBuck.
http://www.financialcryptography.com/mt/archives/000159.html
You'll also see two other numbers in that blog entry, being $5 billion and $400 million (the latter taken from Lynn's posted articles).
Of course these figures are very delicate, so we need to wait a bit to get the real damage with any degree of reliability. Scientific skepticism should abound.
Notwithstanding that, I would suggest that the money already lost is in excess of the amount paid out to Certificate Authorities for secure ecommerce certificates (somewhere around $100 million I guess) to date. As predicted, the CA-signed certificate missed the mark, secure browsing is not secure, and the continued resistance against revision of the browser's useless padlock display is the barrier to addressing phishing.
iang
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]