While only a small percentage of online banking customers actually click on phishing emails, nearly half of those who do give away their login credentials, according to research released this week by online security vendor Trusteer.
The research was based on a sample of more than 3 million users of Trusteer's Rapport browser security service, who are customers of 10 large banks in the U.S. and Europe.
About 1% of online banking customers click on links in phishing emails, but approximately half of those users submit login credentials to the phony bank website they are redirected to, the study showed.
Based on its findings, New York-based Trusteer estimates that losses attributed to phishing could cost banks between $2.4 million and $9.4 million annually, per one million users. The estimate assumes that the loss per compromised account ranges from $500 to $2,000 per compromised account.
The company said that while there is a lot of research on phishing attacks, data on how successful the attacks has been elusive. Trusteer's The company's Rapport service, which includes a browser plug-in and cloud-based analysis, secures browser communication and can detect when a user tries to submit data to phishing sites.