Social networks were the No. 1 target for phishing attacks in the U.S. in 2013, according to a new report from Kaspersky Lab, drawing on anonymized data from the company’s Security Network.
Phishing refers to the practice of creating a fake Web site in order to collect personal information about users, usually for a criminal purpose.
In the U.S., social networks accounted for 36% of all phishing attacks, followed by financial institutions at 30%. Globally, 35.4% of all phishing attacks mimicked social network sites, while 31.5% mimicked financial sites. The global figure for social networks is up from 28.6% in 2012, while the figure for financial sites is up from 23% over the same period.
Kaspersky noted that social nets are a natural target, since the goal of many phishing attacks is to propagate the scam. Social-network users who recycle passwords between networks or from their email accounts are especially vulnerable.
Around the world, phishing attacks targeting the financial sector used a fake bank or banking Web site 22% of the time, while 6% targeted online stores like Apple's iTunes, eBay and Alibaba, and 5% targeted online payment systems, including PayPal, American Express, Visa, Western Union, Authorize.net, MasterCard and Post Finance.
The logic of attacking financial services is self-evident. As Willie Sutton observed: “That’s where the money is.”
Kaspersky also warned of phishing attacks exploiting concern about natural disasters or other big events that fuel a lot of Internet discussion, including high-profile marketing campaigns, which the company terms “thematic phishing.”
In geographic terms, the U.S. was the top phishing target, accounting for 31% of all attacks, followed by Russia at 12% and Germany at 9%.