The latest social engineering attacks increasingly ride on popular news items that present themselves in a variety of forms. In December 2009, Christmas related messages were seen in mainstream social networking websites. Email messages with malware attachments appeared as e-cards from the 123greetings.com website. The Twilight Saga movie trailer of New Moon was exploited as a social engineering trick to promote a file sharing portal, which illegally gathers personal information through forged member registrations.

Now individuals need to carefully protect their personal information to protect it from any abuse,” commented Amit Nath, Country Manager, India & SAARC, Trend Micro

A still growing trend among them is the use of search engine optimization (SEO) techniques in which they manage to insert popular news items in search engines and make them appear as top search results. The death of Brittany Murphy was abused in an SEO attack that led to the FAKEAV exploit redirecting users to scareware portals. Keying in the string “Mayon Volcano eruption” in search engines led users to malicious links to various locations where FAKEAV variants resided.

The list of social engineering schemes keeps constantly evolving and cybercriminals are dramatically developing popular social networking websites as targets. In December 2009, the Koobface worm used a Facebook message leading to a Christmas video as bait to spread its spam among Facebook users and the ZBOT Trojan targeted these users with spam emails that led to a harmful phishing site.