Sharp Rise In Phishing On Social Networking Sites: Microsoft Security Intelligence Report

Microsoft Corporation released the tenth volume of its Security Intelligence Report, which noted that users of social networking sites are being targeted increasingly by cybercriminals. The report highlights an increase of over 1200 per cent in phishing through social networking sites.

In India, over 50 million users of social networking sites such as Facebook, Orkut, LinkedIn and Twitter are exposed to threats, the company has said. Phishing via social networks increased from a low of 8.3 per cent of all phishing attacks in January 2010 to a high of 84.5 per cent by December 2010.

The report, which was conducted between July to December 2010, gathered data from more than 600 million systems worldwide.

"Social networking is on a high and these sites have created new opportunities for cybercriminals to not only directly impact users, but also friends, colleagues and family through impersonation. These techniques add to an existing list of social engineering techniques, such as financial and product promotions, to extort money or trick users into downloading malicious content," said Sanjay Bahl, Chief Security Officer, Microsoft India.

In the Indian context the most common category was Worms, which affected 42.5 per cent of all infected computers, and miscellaneous Trojans, which affected 33.9 per cent of all infected computers and finally miscellaneous potentially unwanted software, which affected 33.7 per cent of all infected computers. Cybercriminal Behaviour Changing

The findings indicate a variance in cybercriminal behaviour.  There is a considerable increase in the use of "marketing-like" approaches and deception tactics to steal money from consumers.

The sophisticated criminals pursue high-value targets with large payoffs while other cybercriminals use more available attack methods to take small amounts of money from a large number of people. These attack methods include the use of rogue security software, phishing through social networks, and adware, which have increased in prevalence since 2010. Attackers continue to use false claims that look like legitimate marketing campaigns and product promotions. Six of the top ten most prevalent malware families in the second half of 2010 fall into these categories of attack methods. Recently, spams using the news of Osama Bin Laden's death was also seen in the wild within three hours of the event, to know more about this read here.

Additionally, rogue security software, or scareware, has quickly become one of the most common ways for cybercriminals across the globe to acquire money and private information from unassuming computer users.

"With more consumers and devices coming online every day, cybercriminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software. It's becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using, so it's more important than ever to provide information and guidance about these online threats to increase protections and awareness." said Graham Titterington, Principal Analyst, Ovum.