March 20th, 2007
Phishing for Bloggers
The proverbial "big fish that got away" has been found on Google's Blogger. Last week, Fortinet reported that cyber-criminals are using blogs for phishing expeditions — users that access such blogs are redirected to fraudulent sites. Phishing is the cyber-version of the classic "bait and switch." The word “phishing” comes from the analogy that Internet scammers are using e-mail bait to fish for passwords and financial data from the sea of Internet users. The term was coined in 1996 by hackers who were stealing America Online (AOL) accounts by scamming passwords from unsuspecting AOL users. Since hackers have a tendency to replacing “f” with “ph,” the term phishing was derived. The term has evolved over the years to include not only obtaining user account details but access to all personal and financial data. Blogs have mainstreamed as the "new thing" for average Internet user. The interactive nature and newness of blogs leads participants to implicitly trust each other. Yet, even an innocent blogger's post can be victimized. Coupled with rapid, unabated growth, blogs are fertile for exploitation — and the popularity of Google's Blogger makes it the cyber-criminal's new exploitation-of-choice. Source: June 2006 Idealware report, Blogging Tool Market Share This is not to say that phishing through email will abate. Rather, any IP-based media used for human communication is, or will soon be, the new phishing hole — in addition to email. This includes social media like blogs, wikis, social bookmarking, video blogs… no IP-based media is immune. More importantly, because social communities "live" in the Internet, phishing attempts through social media can rampantly propagate. Bad guys live on the Internet and are attracted to anything that can be exploited.
