How many of us click on the links sent to us by trusted friends? Does the trust implicitly extend to the links they are sending? This trust is precisely what phishers take advantage of. Traditionally phishers have mainly used instant messaging (IM) and email to take advantage of the average user.

However, with the rise in social networking sites the phishers have bought themselves a brand new playing field.The interesting thing here is that the malicious link appears to be a comment from a trusted friend. In most cases the trusted friend is not the perpetrator behind these attacks. The most likely scenario is that the trusted friend’s social networking site credentials have been compromised and used by the phishers to post malicious comments to everyone in the compromised contact list. Symantec Security Response Weblog: Phish ‘n’ Exploit