According to two reports released by the security company Symantec, phishers and spammers are coming up with new ways to attack their victims. In the past they almost exclusively relied on forged emails and web sites. Now, social networking sites like Twitter and Facebook can be added to their lists of targets.
“It is important that end users are educated and it is important that IT managers take measures against attacks,” said Dermot Harnett, Symantec’s senior director of anti-spam engineering and a co-author of the State of Spam and State of Phishing monthly reports.
“There are products — not just Symantec’s — that managers can use. It is important that we as a community protect ourselves,” Harnett told InternetNews.com.
The attackers often use forged emails to initially gain access to an unsuspecting user’s Facebook account, but once they are in the door, they can rely solely on Facebook to spread their spam or phishing scheme. They try to acquire private information until they have enough to get what they are really after: money. Their ultimate goal is still to get bank account information and credit card numbers. Phishers also target free web hosting services where they can quickly setup sites anonymously.