Cybercrime is becoming increasingly personal as criminals collect data from social networking Web sites, data breaches and other sources.
According to the bi-annual McAfee Security Journal threat report, international security experts from McAfee's Avert Labs found an increase in the use of social engineering techniques used to exploit human nature and maximise profits.
"Cybercriminals are crafting attacks that are virtually impossible for computer users to identify," says Jayson O'Reilly, regional director: Africa (acting) of McAfee.
"Phishing scams, e-mail attacks, Trojan horses, and other attacks are so personalised that even someone with the most watchful eye could fall for a carefully socially-engineered trap."
In the past six months, cyberscammers have exploited human emotions and curiosity in attempts to lure victims and steal personal information. Recent scams have revolved around news and events such as the Olympics, natural disasters, and the presidential election in the US.
"No matter where you live or what language you speak, cybercrooks will exploit basic human nature, zeroing in on emotions of fear, curiosity, greed, and sympathy," says O'Reilly. "Criminals understand human weaknesses and will increasingly use the power of the Internet to exploit those weaknesses. It's an easy way for cybercrooks to make money and for spies to steal sensitive data."
McAfee Security Journal outlines four major global trends:
* The depth of personalised attacks will increase – As users become more comfortable posting information about themselves online, coupled with the increase in user-generated applications, cybercriminals are using information and vulnerabilities in social networking sites to create attacks. McAfee predicts that users will be taken off guard by the level of detail and personalisation in attack messages from cybercriminals.
* Socially engineered spam will explode – Cybercriminals lure countless victims by faking believable spam messages based on real information. For example, cybercrooks will use information collected from data breaches to fake customer loyalty programmes or offer discounts to recent shoppers. McAfee predicts the trend will continue, as scammers glean personal information about users from social networking sites or data breaches to understand users' credit card information, interests and behaviours.
* Stock scams will rise – The growth of social engineering will be used increasingly to affect stocks and shares, going beyond the common "pump and dump" scam used by spammers to claim that a low-priced stock is about make tremendous gains. Taking a page from historical "penny stock" scams, Avert Labs researchers expect even bolder attempts by cyberscammers to create profitable fluctuations in the equities and derivatives markets, such as falsely advertising security vulnerabilities in software or management changes at a public company.
* Criminals will capitalise on users' desire to protect their PCs, with more fake security updates – McAfee has tracked an increase in malicious software posing as applications from "security" vendors. Criminals use pop-up ads to tell users that their computers are infected and that only the vendor's software can clean the machine. Not only does the software fail to deliver increased protection, but it can often lead to downloading new malware onto a user's machine. McAfee believes cybercriminals will step up their efforts to lure victims with fake security updates.