MySpace, Facebook, LinkedIn - Prime Targets for Phishing
From the SANS Internet Storm Center
Scammers Use Social Networks for Increased Effectiveness
Published: 2007-05-16
Last Updated: 2007-05-16 17:27:32 UTC
by Lenny Zeltser (Version: 1)
In an insightful interview captured on the ha.ckers.org site, a phisher emphasizes the benefits of targeting users of social networking sites such as MySpace, Facebook, and LinkedIn. He claims that his efforts yield him $3,000-$4,000 per day. (If you have any data supporting or refuting this figure, please let us know.)
The phisher’s money-making activities involve the following actions:
- Capturing logon credentials via a fake social networking site that resembles the one being spoofed.
- Using captured contact information or compromised accounts to send advertising, profiting from Cost Per Action (CPA) deals.
- Accessing the victim’s email accounts using captured logon credentials. (Most people use the same credentials on multiple sites.)
- Using compromised email accounts to gain access to commercial sites such as PayPal, E-gold, and eBay, and selling access to these accounts.
Why focus on users of social networking sites? Because social networks provide a trusting context within which the victims will be more likely to take the phisher’s bait. Ultimately, this means that the phisher’s activities will yield higher profits.
Read the entire post here.


