• by Erik Sass , Staff Writer @eriksass1, April 4, 2014

Social networks were the No. 1 target for phishing attacks in the U.S. in 2013, according to a new report from Kapersky Labs, drawing on anonymized data from the company’s Security Network. Phishing refers to the practice of creating a fake Web site in order to collect personal information about users, usually for a criminal purpose.
 
In the U.S., social networks accounted for 36% of all phishing attacks, followed by financial institutions at 30%. Globally, 35.4% all phishing attacks mimicked social network sites, while 31.5% mimicked financial sites. The global figure for social networks is up from 28.6% in 2012, while the figure for financial sites is up from 23% over the same period.
 
Kapersky noted that social nets are a natural target, since the goal of many phishing attacks is to propagate the scam. Social-network users who recycle passwords between networks or from their email accounts are especially vulnerable.
 
Around the world, phishing attacks targeting the financial sector used a fake bank or banking Web site 22% of the time, while 6% targeted online stores like Apple's iTunes, eBay and Alibaba, and 5% targeted online payment systems, including PayPal, American Express, Visa, Western Union, Authorize.net, MasterCard and Post Finance.

The logic of attacking financial services self-evident. As Willie Sutton observed: “That’s where the money is.”
 
Kapersky also warned of phishing attacks exploiting concern about natural disasters or other big events that fuel a lot of Internet discussion, including high-profile marketing campaigns, which the company terms “thematic phishing.”
 
In geographic terms, the U.S. was the top phishing target, accounting for 31% of all attacks, followed by Russia at 12% and Germany at 9%.