While many forms of online mischief require some degree of technical sophistication on the part of the miscreant, we often see forms of attack that are quite simple. One case in point is the phishing attack. In many ways, phishing attacks are at the low end of the totem pole from a technical sophistication standpoint. In fact, ready-made phishing kits can be purchased in the underground economy (though the buyer should beware!), and many aspects of the attack can effectively be outsourced.
For a while, banking and other financial services sites bore the brunt of phishers’ attention. It’s not surprising. Phishing is a financially motivated crime, so to understand the modus operandi of a phisher, all you have to do is follow the money. Over the last year and a half or so, we have noticed an interesting trend: social networking sites have become a much more popular target for phishers.
A new wave of phishing attacks on Facebook users is underway. You’ll remember the story from several months back of someone whose login credentials were stolen, after which the crook used that Facebook access to swindle the victim’s friends out of thousands of dollars. The current effort resembles that one, in that a compromised account sends a malicious link to friends. The friends click on the link and are taken to a site that looks just like a Facebook login page. Providing the criminals with their login and password can sometimes injure the victim beyond the damage to their social network.
So many of us admit we use the same password on multiple accounts (not just with social networks but online shopping and banking). It is believed that the focus on...