Researcher warns of new do-it-yourself phishing program

Researchers at FaceTime Communications have been trying with mixed results in recent days to take down a do-it-yourself phishing program they discovered online last week. The program is designed to help would-be phishers target those using social networking sites like MySpace and Facebook, as well as email services offered by the likes of Yahoo and Hotmail.

This underscores the need for companies to come up with some specific policies and security procedures to address how these social networking and email sites can and can't be used.

Since enterprise employees are increasingly spending their work hours checking personal email and visiting social networking sites, corporate IT administrators have reason to be concerned about the new phishing threat, said Chris Boyd, malware research director at Belmont, Calif.-based FaceTime.

Specifically, Boyd and his team found a hacking Web site where fraudsters can get their hands on automatically generated text they can then use to create phishing emails tailored to steal log-in details for popular Web mail and social networking sites.

A drop-down menu on the site offered phishing email options for Hotmail, Yahoo, MySpace, Orkut, Facebook and hi5, Boyd said. FaceTime reported the finding to the site's hosting provider, which disabled access to the site on Friday. But the researchers discovered Monday morning that the hacking Web site was back online.