[15778] in cryptography@c2.net mail archive
Re: Using crypto against Phishing, Spoofing and Spamming...
daemon@ATHENA.MIT.EDU (Ian Grigg)
Sat Jul 17 19:33:45 2004
X-Original-To: cryptography@metzdowd.com
Date: Sat, 17 Jul 2004 18:51:34 +0100
From: Ian Grigg <iang@systemics.com>
To: Florian Weimer <fw@deneb.enyo.de>
Cc: cryptography@metzdowd.com
In-Reply-To: <6.1.2.0.2.20040717090605.0618ab90@mail.comcast.net>
> At 10:46 AM 7/10/2004, Florian Weimer wrote:
>
>> But is it so harmful? How much money is lost in a typical phishing
>> attack against a large US bank, or PayPal? (I mean direct losses due
>> to partially rolled back transactions, not indirect losses because of
>> bad press or customer feeling insecure.)

I estimated phishing losses about a month ago at about
a GigaBuck.

http://www.financialcryptography.com/mt/archives/000159.html

You'll also see two other numbers in that blog entry,
being $5 billion and $400 million (the latter taken
from Lynn's posted articles).

Of course these figures are very delicate, so we need
to wait a bit to get the real damage with any degree
of reliability. Scientific skepticism should abound.

Notwithstanding that, I would suggest that the money
already lost is in excess of the amount paid out to
Certificate Authorities for secure ecommerce certificates
(somewhere around $100 million I guess) to date. As
predicted, the CA-signed certificate missed the mark,
secure browsing is not secure, and the continued
resistance against revision of the browser's useless
padlock display is the barrier to addressing phishing.

iang

---------------------------------------------------------------------
The Cryptography Mailing List