Thieves assume people use the same password for most online identities
Computerworld - Identity thieves that hit Facebook last week with a new round of phishing attacks are harvesting passwords for profit, a security researcher said today.
"It's not surprising that they're targeting Facebook," said Kevin Haley, a director on Symantec's security response team. "Facebook has, what, 200 million-plus users? The bad guys always go where's there's a lot of people."
The newest Facebook attacks resemble previous phishing rounds in their tactics: A compromised account sends a malicious link to friends. That link leads to a site that mimics the legitimate log-in page. But users duped into entering their usernames and passwords are likely giving away more than just their Facebook credentials, said Haley.
"Certainly this isn't new," he said, "but we think that what you're seeing is an attempt to shake out every last dollar they can get."
The criminals are operating on the assumption that the Facebook password they acquire from any given user has a good chance of being the same password that person uses on other sites, such as online shopping services or even bank accounts.
"Get one password for the right person and it's like having their wallet handed over," Symantec researcher Marian Merritt in the post to Symantec's security response blog said on Friday.
Computerworld - Complete Story
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment