Spam Fraud Down, Targeted Phishing Attacks Up 400%, Cisco Analysis Finds
In an analysis of e-mail-based fraud released yesterday, network giant Cisco quantified what newspaper headlines over the past year have made clear: cyberfraud has shifted from mass, generalized attacks to very specific spearphishing hits that harness stolen user information to dupe unwitting consumers (such as bank customers and cardholders) into divulging account information.
Classic e-mail fraud is down. Cisco says the overall volume of spam has dropped from 300 billion e-mails in June 2010 to 40 billion in June 2011. The money cybercriminals make from mass e-mail-based attacks has declined more than 50 percent from $1.1 billion to $500 million in that same timeframe.
But targeted, malicious attacks have grown. These often involve the theft of e-mail addresses and account information, which is what has made data breaches such as Epsilon’s and Citi’s so devastating. “By using more personalization tools, the user conversion rates for the better-crafted scams and malicious attacks have increased significantly in the last year,” the Cisco report states. “In addition, the average user loss caused by the malware or scam employed has increased because of the information shared.” The amount fraudsters make from such targeted attacks has grown from $50 million to $200 million over the past year.
The Cisco report also points out that the hit to an organization’s reputation is far greater than the direct monetary losses it typically suffers through cyberfraud. The analysis estimates that the reputation cost per infected user is $1,900, or 6.4 times that of the direct monetary loss.
Posted by Mackenzie Belbin