Phishers Pedaling Facebook Scams in Record Numbers

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Phishers looking to snag users' personal banking and credit card information have taken a shine to the world's largest social networking site, according to the latest Internet security report from antivirus software vendor Kaspersky Lab.

Through the first three months of 2010, Facebook's share of phishing attacks surged to 5.7 percent, placing it fourth on the list of most-targeted Web sites behind only PayPal, the runaway favorite for phishing attacks -- accounting for more than 52 percent of all scams -- followed by eBay (NASDAQ: EBAY) and HSBC.

In other words, according Kaspersky's first quarter report, more than half of the bogus, malware-infected phishing Web sites were masquerading as PayPal and roughly 6 percent were ruses designed to get Facebook fans to log in and divulge their personal information.

"Facebook popped up unexpectedly in fourth place," researchers said in the report. "This was the first time since we started monitoring that attacks on a social-networking site have been so prolific."

The IRS checked in at 2.2 percent of all phishing attacks while Google (NASDAQ: GOOG) and Bank of America (NYSE: BAC) popped up in 3.1 percent and 1.6 percent of attempted cons, respectively.

Kaspersky Lab officials said the Russian social network VKontakte moved up to 25th place among organizations targeted by phishing attacks in the month of March and is expected to become even more of a target in the months ahead as the network expands beyond Russia to other countries.

"Having stolen users' accounts, the fraudsters can then use them to distribute spam, sending bulk e-mails to the account owners and their friends in the network," the report said. "This method of distributing spam allows huge audiences to be reached."

By zeroing in on social networking sites like Facebook, phishers can take advantage of social networking features, such as the ability to send different requests, links to photos and personalized invitations that are loaded with malware.

If it weren't enough that hackers were trying to trick people into logging on to bogus Facebook pages, they're also using Facebook itself as a marketplace for new malware scams.

Upscale grocer Whole Foods Market was recently targeted by a phishing scam that purported to offer free gift cards to participants who logged onto a malware-laced "fan page."

Kaspersky Lab added that spam now represents about 85 percent of e-mail traffic and that Asia still leads the charge by region. However, the U.S., India and Russia are churning out the most spam by individual countries.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.