Security solution giant Symantec has discovered a new way in which fraudsters are using Facebook to phish for confidential information.
Symantec's June phishing report says it suspects the initial Facebook phishing attack used forged spam e-mail. However, according to Symantec, once the user accounts became compromised, the attacks were most likely initiated through Facebook itself.
According to the company, the domains hosting the phishing sites are a jumble of generated names, all of which include a country code (.im, .at or .be). Most of these phishing sites are based out of Latvia and China.
Symantec states in its phishing report: “The purpose of phishing attacks towards popular information service sites is primarily to obtain a large number of credentials and leverage e-mail services for spamming activities.
“Fortunately, the team at Facebook regarded the phishing attacks very seriously and worked diligently to remove messages with those links, and to help secure any compromised accounts.”
Uri Rivner, head of new technologies, identity protection and verification at RSA (the security division of EMC), said at the ITWeb Security Summit, last month, that cyber criminals are increasingly targeting social networking sites such as Facebook, Classmates.com, MySpace and YouTube by infecting sites with Trojans. He noted that phishing is a mainstream tool for fraudsters.
With more than 200 million users, Facebook is the biggest target for phishing attempts when compared with other social networking sites such as MySpace and Twitter.
Last month, Facebook reported an e-mail phishing scheme luring users to a fraudulent Web link. The link leads unsuspecting users to a fake Facebook site, where they are prompted to enter their passwords so that the fraudsters can gather confidential information.
Harmful hosts
Symantec says 42% of phishing URLs were generated using phishing toolkits in June. This is a 100% increase from the previous month, the company says. There was a 14% decrease from the previous month in non-English phishing sites.
More than 98 Web hosting services were used, which accounted for 6% of all phishing attacks. Symantec says this is a decrease of 5% from the previous month.
According to Symantec, free Web hosting services are the easiest option for phishers in terms of the cost and technical skill required to develop fake sites. The report reveals that 98 different Web hosting services served as the home for 1 434 phishing sites. More than 52 brands were attacked using this method during the past month.