A recent Federal Trade Commission (FTC) report indicates that identity theft among Americans decreased during 2005, is flawed, according to Avivah Litan, a Gartner analyst who reported different findings earlier this year. The FTC report, which revealed that 8.3 million adults, or 3.7 percent of Americans over the age of 18, were victimized by ID theft in 2005, drew immediate skepticism from Litan and other security experts.

According to SC Magazine, Litan’s February report stated that 15 million Americans were victimized by some sort of identity theft-related fraud in the 12-month period ending August 2006. Those figures represent a more than-50 percent increase since 2003. However, the FTC report, which surveyed 2,917 people between March 27 and June 11, 2006, showed a dramatic decrease from the 10 million the FTC reported in 2003.

“Consumer surveys have proven to be unreliable methods for gathering absolute numbers on identity theft, although they are useful in ascertaining fraud trends,” said Litan.”Further consumer surveys give an incomplete picture of identity theft losses, since they do not include fraud that occurs when thieves simply make up fictitious identities in order to steal money.”

PCWorld reports that phishing scams are harmful to both consumers and brands. A YouGov poll of 1,960 UK-based consumers conducted for security company Cloudmark, shows that 42% of customers said that their trust in a brand would be damaged by a phishing attack, even though the scam had nothing to do with the company.

Banks, ISPs and social networking sites were brands that would see the biggest negative impact. Cloudmark’s own research has recently shown the Natwest Bank to be the UK brand most likely to be appropriated for phishing scams during October 2007. When it cam to fixing the problem, 40% felt that it was the job of their own and the originating (i.e. the spammer’s) ISP to protect them from the scam, with only 26 percent seeing it primarily as the individual consumer’s job to protect themselves.

“What is interesting to note from these results is that well-known brands are also suffering, with phishing attacks having a detrimental effect on their reputation. This knock-on effect will be particularly worrying for the banks, which rely on a high degree of trust with their customers,” said Cloudmark’s Neil Cook.

Jon Swartz and Byron Acohido of USA TODAY report that a belated — and controversial — report issued by the Federal Trade Commission this week shows that identity theft in the U.S. is down. The FTC reports that 8.3 million adults, or 3.7% of all Americans over the age of 18, were victims of identity theft in 2005. In 2003, 10 million were reported.

The results, released more than three years after the last FTC report, were criticized by computer security experts, who believe that a surge in cybercrime is dramatically increasing identity-theft-related cases.

“The numbers are unreliable,” says Avivah Litan, an analyst at market researcher Gartner. (IT) Litan wrote a report, released this year, that showed an increase in identity-theft among American adults, to 15 million, in the 12-month period ended in August 2006. “The methodology is flawed. I think that’s why they delayed the report,” she says.

The FTC says the percentage of adults in 2005 is statistically close to those in 2003 (4.6% of all adults), indicating there is no dramatic decline in identity theft, says Betsy Broder, the FTC’s assistant director in the division of privacy and identity protection.

Humans have replaced buggy software to become the primary target of online crime, according to the SANS Institute in its annual list of Internet security threats.

“This year for the first time we’re reporting that one of the most critical risks is attacks against people, where attackers focus on executives,” said Alan Paller, director of the SANS Institute. According to Paller, spear-phishing executives and rich people even rated a new term in 2007: It’s called “whaling,” drawing on the Las Vegas habit of referring to rich gamblers as “whales.”

Spear phishing is a highly targeted phishing attack where criminals include information about staff or current organizational issues to trick users into believing the email comes from a trusted organization. The scammers often ask for user names or passwords, or they might tell recipients to download malicious attachments. Attackers can use the stolen information to steal sensitive information, trade secrets, or sensitive financial or other personal information.

According to Paller and the team of security experts SANS assembled to produce this year’s report, spear-phishing expeditions launched against military targets in the United States and other developed countries have been very successful over the past year, with a success rate of 80 percent, making this Internet-borne threat a major priority for military agencies.

On Black Friday, the day after Thanksgiving that is considered the beginning of the traditional Christmas shopping season, Barracuda Networks Inc. reported a more than 10 percent surge in the number of phishing Web sites created and 3 times the number of phishing e-mails sent out.

According to the San Jose Business Journal, Barracuda said the increase in activity indicates that scammers are working to cash in on Black Friday. In many cases, because of the holiday, the sites will go uninterrupted for longer than normal because no one is available to take them offline.

The Thanksgiving surge in phishing Web sites has also created an increase in e-mails sending users to the sites directly by offering special deals or sales, as well as e-mails that attempt to lure the recipient into verifying account information via a link to the phishing site.