A new study says phishing scams make up 7% of all spam sent and that, on average, 55,000 people a month fall for them and give up their personal info. Social networks such as Twitter and Facebook are an increasingly popular target for phishers.
Twitter has been hit by two phishing attacks lately. One, the Twitter Porn Name scam, posed as a seemingly harmless game in which Twitter users were told to combine the name of their first pet with their mother’s maiden name and/or the first street they lived on to get their “porn name” and then tweet it. Those particular pieces of information are gold to a phisher because they are the answers to the questions most websites ask when a user needs to retrieve or change their password.
The second scam was the TwitViewer scam. Users got a tweet inviting them to check out the TwitViewer site to find out the last 200 people who visited their Twitter profile. The site asked for their Twitter name and password. Once these were entered, the visitor was shown a screen full of thumbnails that claimed to be those of the last 200 people who had visited their profile. They weren’t; they were just random people. The visitor then found that their account had spammed everyone they were following, and Twitter at large, with the same invite they had responded to, and if they clicked on any of the thumbnails, their account automatically followed those people. Twitter claims to be working on tightening security, but the recent rollout of its new URL blocking system shows it has a long way to go.
Phishing attempts in email are still rising as well. Most of these attacks target banks and other financial institutions; in fact, the top 2 targets of phishing attempts between January and June of this year were Bank of America and PayPal. In the past, phishing emails and the fake sites they lead to could be easily spotted by their extremely poor grammar and sloppy formatting, but experts are finding that more recent phishing attacks show a sharp rise in attention to detail, with nearly perfect layouts and error-free grammar. Of course, they still can’t hide the true destination of their fake URLs. Hover your cursor over the link (don’t click) and the real URL will be revealed in the information bar.


