Microsoft warns of social networking phishing threat

Microsoft is warning users of social networking sites to be on their guard after its latest Security Intelligence Report found an increase of over 1,200 per cent in phishing using social networking sites as a lure.

This 10th edition of the report focused on the second half of 2010, and pointed to a significant increase in the use of social networking sites by cyber criminals keen to harvest personal and financial details to hack into bank accounts or sell on underground forums.

Social networking as a lure increased from a low of 8.3 per cent of all phishing in January to a high of 84.5 per cent in December 2010.

Users of such sites are often more trusting of content, and are therefore more likely to click through to phishing sites and other malicious content.

Microsoft also noted that the return on investment is much greater for phishers if they target social networks, because only a handful of popular sites represent the majority of users.

However, the majority of phishing incidents remained targeted at financial sites, accounting for between 78 and 91 per cent of phishing attacks each month.

More generally, Microsoft discerned two main strands to cyber crime behaviour during the period.

The first involves highly targeted and well-researched attacks aimed at extorting large amounts of money from high-value targets, while the second uses social engineering and simple exploits designed to take small amounts of money from large numbers of people.

Scareware, adware and phishing all fall into the latter category and have all increased over the second half of 2010, said Microsoft.