To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39167748,00.htm

Facebook to fuel spear-phishing boom?
"This is a goldmine of data for the bad guy community"...

By Liam Tung

Published: Thursday 05 July 2007

Security experts are warning of a drastic rise in personalised phishing campaigns, with social networking at the heart of the problem.

AusCERT's general manager Graham Ingram said social networking sites - such as Facebook and MySpace - are having an enormous impact on security because of people's willingness to share personal information.

Ingram said: "Years ago you would write things [in a diary], personal things. Nowadays you write it on the internet and you put it into sites like MySpace. The amount of information that exists if [criminals] want to get it is extraordinary."

Mark Sunner, MessageLabs chief security analyst, said spammers are already using personal information gathered from social networking sites. Speaking in a recent interview, he said the number of phishing emails has remained static over the past two years but their content had become extremely personal.

Sunner said: "We're seeing people's names, postal codes and addresses. I think this is a symptom of an addiction with social networking sites such as MySpace or LinkedIn - where people have willingly keyed in all this information about themselves.

"This is a goldmine of data for the bad guy community - the bad guys now have the name, age, sex, geography, likes, family member's names. So the ability to make an attack very, very tailored is something we'll see play out for the remainder of 2007."

AusCERT's Ingram added: "God knows what's in front of us... I don't believe we've adjusted to that new environment and what the cyberworld offers."

Liam Tung writes for ZDNet Australia