Why are phishers targeting Social Networking sites?
Posted by Minal Pithia on Tue, Jun 30, 2009
Real time information is moving faster online more than ever before. As a result, phishers and spammers are changing their strategies and are becoming smarter when it comes to their target, and how to lure people into giving their personal information.
The growing popularity of social networking sites such as, Facebook, My Space and Twitter shows the change in phishing schemes. The internet has become more conversational and more people are using these social networking sites to build their own personal space online; containing information about their personal identity such as, interests, family/friends and business associates. Recently, a new scam hit Facebook users in which it sends a user to a websites that steals their login information and downloads malware on to their computer. So, how are Phishers making money by Facebook login details? Phishers are hoping that these passwords are same as the users other accounts, most importantly bank accounts. Also, obtaining information about people like their name, email addresses and etc, phishers are able to develop more successful phishing scams by customizing emails to include, for instance, a person's name and address inside phishing email's purporting from the banks. It looks like social networking sites are great tools for phishers because of the familiarity and an email supposedly from a friend looks more legitimate. Looking to the future, many people think that social networking sites will be used for phishing sites against corporations. This is why educating employees about phishing is extremely important. "Still, with companies looking to Twitter to reach out to customers, spear phishers may soon have a fantastic weapon to target enterprises" (Prince, 2009):
Phishers are also trying to find new ways to fight anti-abuse tools.
A study by the APWG for 2008 found phishers using sub-domain services to host and manage phishing sites. This trend shows that phishers are migrating to services that are difficult to take down by registrars and unfortunately, this effects takedown time. The registrar is only responsible for providing registration services for the primary domain and since sub-domains are a form of DNS, registrars don't have control over it.
They are careful to pick and choose their registrars and target specific top level domains with weak or non-existing polices. They are also not using International domain names and there is a decrease in IP address phishes. VE (Venezuela) and TH (Thailand) were the top 2 TLD's used in 2008 .VE registry was taken advantage of as phishers registered domains to target an attack against EBay and PayPal.
For more details about the APWG report you can view it here:
It looks like phishers are always on the go, finding new ways and specific targets when launching their attacks.