Infosecurity

Social networks fueling phishing spat

By Crystal :Low | 8 June 2009

Social engineering is the most effective hacking technique, according to information security experts. Social engineering is the act of manipulating people into divulging confidential information, and security professionals warn that social networks such as Twitter and Facebook are ideal conduits for the theft of sensitive information.

View photos

Related Categories

• INFOSECURITY

From this Section

• NEWS

Social networks are targeted as they are rich with the type of information that phishers love - hometowns, birth dates, spouse names, addresses, alternate email accounts and, employers.

A recent study by internet security firm Websense found that security professionals are concerned by threats posed by social networksing threats, but remain focused on other cyber threats.

Aaron Higbee, co-founder of US-based information security consultancy Intrepidus, claims that the social engineering problem is worse than is currently believed, with many companies “boxing” auditors into looking only at conventional threats and traditional security measures.

Yet Higbee points out that hackers who know how to target individuals through networking sites have a higher likelihood of success in breaching security. In an experiment conducted by Intrepidus, 23 per cent of the 500,000 sites tested by his company have fallen for victim to a social engineered phishing attack.

“Attackers are bypassing all layers of security and are going after the soft targets – social network users - with targeted phishing. And it’s very effective,” he said.