By Nancy Feig
Today, Symantec revealed findings about the rewards phishers are reeling in for personal information phished from consumers.According to the security vendor, bank account details bait the biggest rewards, at up to $400. IDG News Service also reported that:
Credit card details sell for between 50 cents and $5, e-mail passwords for $1 to $350 each, and e-mail addresses from $2 to $4 per megabyte.
The report points to the commercialization and even "professionalism" of today's cyber criminals. Phishing toolkits, which can be purchased to aid these criminals, accounted for 42 percent of all phishing attacks during the first six months of 2007.
These phishers continue to capitalize on vulnerabilities in Web sites trusted most by consumers, including banks, social networking sites and job search engines. The criminals use the "scripts" provided in the toolkits to set up phishing Web sites that mimic legitimate Web sites, according to Symantec.
These social networking sites are particulary vulnerable to phishing because users tend to highly trust the sites and their security measures.
I have to tell you, I honestly used to wonder how people could fall for phishing scams, but I can tell you first hand that they are getting harder to detect. Almost everyone I know has been a victim of phishing on Myspace, the most popular social networking site. It amazes me that Myspace has not found a way to prevent these attacks or at least sent out some type of alert to its users.
I quick google search yields plenty of instructional sites on how to hack into a myspace account. There's even a YouTube video with instructions. I wonder where all of those stolen passwords are going. One organization hacked their way into the Web sites of several HSBC employees to steal their passwords, which are likely their work passwords as well. This is some scary stuff.
Banks need to be aware of the many channels criminals are to steal people's identity and money. Open dialogue with the social networking sites might be one place to start.