Spear-phishing: Latest cybercrime

The latest development in cybercrimes is called spear-phishing, the Washington Post reports, and it's focused on social networking sites like MySpace.

The FBI last month warned MySpace users of a phony bulletin post urging people to click on a link to "check out old school pictures." A virus seeking financial information recently invaded Orkut, Google's social networking site. Early last month, unsolicited instant messages attempted to lure MySpace users into divulging account information, and about a dozen other sites that spoof the MySpace log-in page have been discovered.

Because people reveal so many intimate details on the sites, scammers "can look at those profiles and use that information to better hone their attack," said Ron Teixeira, executive director of the National Cyber Security Alliance. Scammers can craft phony messages that appear to come from friends to trick people into revealing more personal data, such as credit card or cellphone numbers.

While MySpace has been the largest target so far, spear-phishing is certainly impacting other sites as well.

Interactive sites easily allow spear-phishers to send messages containing malicious code that infects the computer with a virus, which then tracks every user name and password entered on other legitimate sites.

Teenagers and young adults, who make up the bulk of visitors to networking sites, are seen as easy targets because they are typically more trusting and less security-savvy, Huger said. "Then parents use the same computer for their banking," he said. "It could be months before they realize their bank accounts have been hacked."