Social Media Provides Fertile Hunting Ground For Phishing Scammers

Connected To Our Friends ... But Also To The Bad Guys

Social media has gone a long way towards helping people to connect more closely with friends and family, particularly with those far-flung people with whom we are otherwise more likely to lose contact. But the information that we share within our social circle often falls into the hands of people who seek to use that information to their own advantage. Meanwhile, the mere access to your account can also expose you to all sorts of offers, both legitimate and illegitimate.

RSA, the security division of EMC, has released a new survey demonstrating a close relationship between social media and phishing attempts.

Here are some of the high points.

Jumping On The Bandwagon

In 2008, approximately 20 percent of U.S. citizens were users of social media, according to the study. Since that time, the numbers have jumped sharply. According to the report, approximately 50 percent of U.S. citizens now use social media. The membership of Facebook has increased nearly 10 times since 2008, while the membership of Twitter has increased five times in the last four years.

The Exposure From Social Media Is Not A Hidden Secret

According to the RSA survey, there has been a 19 percent increase in global phishing attacks from the first half of 2011 through the first half of 2012. The average social media user must now be continually on guard to ensure that invitations, even those that come from friends, are legitimate and are not being used as a means of exploitation.

A Bigger Chunk Of The Phishing Expedition

The RSA study quotes a Microsoft survey that says phishing conducted via social media networks in early 2010 represented only 8.3 percent of all phishing attacks. But the bad guys were just beginning to dip their lines in the water. By the end of 2011, social media were used in nearly 85 percent of all phishing attempts.

The Business Impact

According to the survey, phishing of all types (not just social media) cost organizations an estimated $2.1 billion in losses during the last 18 months. Phishing opens the door to a wide range of exploits aimed at gathering company information, and is sometimes combined with privilege escalation attacks that are aimed at driving those impacts still further.

Going Month-To-Month

The RSA report suggests that there is a cyclical aspect to social media-induced phishing attempts, given that the numbers tailed off somewhat from fall until the spring of last year. Current trends suggest the same pattern may continue in the current year.

Phishing Attackers Are Banking On The Money

Nationwide banks suffered a 10 percent increase in attacks, representing about three out of every four attacks in September of this year. Brand recognition is frequently considered to be a critical aspect in getting people to fall for phishing attempts, and banks that have locations in multiple states and lots of customers tend to provide the best bang for the buck. But it's important to note that regional banks, and even savings and loans, are not immune to this attack vector, based on the data from the RSA report. The statistics for September of 2012 are an accurate reflection.

Standing In The Crosshairs

Certain countries are more likely to be targeted for phishing attempts than others. While US residents might predict that the United States topped the charts, this is not true. For seven consecutive months, the United Kingdom has had the dubious honor of leading the league with 47 percent of the attack volume. The US comes in second at a mere 25 percent. Canada finishes third at 17 percent.

Where Are They Coming From?

Some of us might think that the vast majority of these threats come from locations far from the United States, such as China, Russia, or anywhere else for that matter. But the RSA research suggests that this is not true. According to that data, the US continues to be the top hosting country for phishing attacks with 77 percent of the overall volume. Poland, the UK, Canada, and France account for a combined 11 percent, while the balance is represented by 62 other countries.
