Behind every successful criminal computer hack is a simple two-step process: gain trust, then exploit that trust with an attack. Computer criminals will tell you that gaining trust is the hard part. Consider a real-world parallel: Breaking into a bank is difficult. But if you befriend a guard, he’ll eventually let you walk right in through the front door.
That's why Facebook attacks are so easy, says Mary Landesman, senior researcher at computer security firm ScanSafe.
"Facebook users assume a level of trust they just should not assume when using the site," she said.
Phishing attacks have been popping up nearly every week on Facebook and other social sites like Twitter. Victims receive e-mails from friends with innocent-sounding messages, such as "click on this video." Those who are duped then surrender their login information on a rogue Web site, and then a criminal is off to the races with their identity.
People who would never fall for an old-fashioned phishing note are getting tripped up by Facebook phish for one simple reason: They trust the sender.
"People are pretty unguarded in the social networking environment," said Kevin Haley, director of Symantec Corp.'s security response team. "You figure you're surrounded by friends, so why have your guard up?"

