Based on other studies, the researchers reckon that 0.37 per cent of web-users hand over their identity credentials in response to phishing frauds every year. Not all those – perhaps less than half – will suffer financial fraud as a result, because attempts at fraud might be blocked or detected, phishing servers might be seized before credentials are used or online accounts may simply have no funds to loot, among other reasons.
Assuming all those that do lose out suffer median losses gives an estimated loss of $61m a year in the US, a figure 50 times lower than that suggested by other studies.
Uh, guys? The median is the most common number. It’s useful for calculating what most people experience, but that’s precisely because it doesn’t capture the extremes that the arithmetic mean does.
Sure, the average person in a bar doesn’t become a billionaire when Bill gates walks in the door, but if you’re trying to calculate the total net worth of everyone in the place you can’t use a measure that just ignores the guy.