Thieves assume people use the same password for most online identities

Identity thieves who hit Facebook last week with a new round of phishing attacks are harvesting passwords for profit, a security researcher said today.

“It’s not surprising that they’re targeting Facebook,” said Kevin Haley, a director on Symantec’s security response team. “Facebook has, what, 200 million-plus users? The bad guys always go where there’s a lot of people.”

The newest Facebook attacks resemble previous phishing rounds in their tactics: A compromised account sends a malicious link to friends. That link leads to a site that mimics the legitimate log-in page. But users duped into entering their usernames and passwords are likely giving away more than just their Facebook credentials, said Haley.


Not too long ago a high-profile executive of a financial institution said to me, “Identity theft! That happened to me, I called the credit card company and they took the charge off my account, it wasn’t a big deal.”
