The damage caused by phishing ranges from loss of access to email to substantial financial loss. This style of identity theft is becoming more popular, because of the ease with which unsuspecting people often divulge personal information to phishers, including credit card numbers, social security numbers, and mothers’ maiden names. There are also fears that identity thieves can add such information to the knowledge they gain simply by accessing public records. Once this information is acquired, the phishers may use a person’s details to create fake accounts in a victim’s name, ruin a victim’s credit, or even prevent victims from accessing their own accounts.
It is estimated that between May 2004 and May 2005, approximately 1.2 million computer users in the United States suffered losses caused by phishing, totaling approximately US$929 million. U.S. businesses lose an estimated US$2 billion per year as their clients become victims. In the United Kingdom losses from web banking fraud — mostly from phishing — almost doubled to £23.2m in 2005, from £12.2m in 2004, while 1 in 20 users claimed to have lost out to phishing in 2005.
The UK banking body APACS‘ stance is that “customers must also take sensible precautions…so that they are not vulnerable to the criminal.” Similarly, when the first spate of phishing attacks hit the Irish Republic’s banking sector in September 2006, the Bank of Ireland initially refused to (and still insists that its policy is not to) cover losses suffered by its customers, although losses to the tune of €11300 were made good.
Source : wikipedia