Universities are the latest and an expanding target for identity fraud criminal gangs that take advantage of openness at campuses to commit "phishing" offenses against academic individuals and institutions, security surveys indicated.

Tests conducted by Cyveillance, Inc, a cyber-intelligence company, showed that educational institutions, alongside social media sites, were increasingly the targets of "phishers" who continued to expand their attacks in the first half of 2010.

"Phishing" is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

With greater diversity of attacks, phishing continues to be a global problem, Cyveillance said in its report for the first half of 2010. It said numerous industries and more than 30 countries experienced targeted attacks.

"It is important for employees and organizations to be prepared beyond just implementing traditional security measures," the report said. It said there was "need to continuously educate individuals in cyber-safety best practices in order to proactively protect their companies against attacks."

While banks and credit unions continue to be the top targets of phishers, universities and social media sites are growing favorites of phishers due to the inherent nature of these users to share personal information.

"Cyber-criminals are gaining access to confidential information through simple searches in order to carry out elaborate social engineering scams," Cyveillance said.

This type of phishing relies on both technology and human interaction by manipulating people to perform actions or divulge further information, resulting in online fraud or identity theft.

Most universities routinely publish information about staff, including telephone numbers and e-mail addresses.

Cyveillance said the risk was even greater on social networking sites.

"In an age where people are encouraged to share everything from what they had for lunch on Twitter to photos of their weekend on Facebook, cyber-criminals are taking advantage of the abundance of information at their fingertips in order to create targeted attacks," said Panos Anastassiadis, chief operating officer of Cyveillance.

"It is important for employees and organizations to be prepared beyond just implementing traditional security measures; they need to continuously educate individuals in cyber-safety best practices in order to proactively protect their companies against attacks."

Universities are specifically targeted for credentials including name and password information. Phishers use these details to create botnets -- applications that allow unauthorized access to or control over a user's computer. Once penetrated, the system helps facilitate malicious activity such as spamming or denial of service attacks.

Alternatively, social media is used to distribute malware to reap greater financial benefits, Cyveillance said. "While these avenues are used in different ways, they are both targeting large groups of individuals who are typically more willing to share information and trust online links," the company said.

In addition to Cyveillance's traditional phishing and malware statistics, the report cited test results identifying how long it takes leading antivirus software vendors to detect new malware threats as they are initially discovered in real-time and over the course of a 30-day period.

When Cyveillance fed active attacks through 13 of the top anti-virus vendor offerings, they identified that the solutions initially detect on average less than 19 percent of malware threats. That average detection rate increases to 61.7 percent after 30 days.

Phishing detection also presented problems. During the first half of 2010, Cyveillance said it detected 126,644 phishing attacks for an average of more than 21,000 unique attacks per month with the volume remaining relatively steady throughout the first half of 2010. "The amount of attacks seen monthly is down compared to the second half of the previous year but the overall volume confirms that the problem of phishing is still easily one of the top threats on the Internet," said the company.

The majority of malware threats on the Internet continue to originate within the United States which the company called a leader "in almost every significant malware statistical category."

Countries such as China, Canada and the United Kingdom don't provide the same volume of threats as the United States but still pose "significant danger to Internet users," said the company.

Cyveillance, a wholly owned subsidiary of QinetiQ North America, serves more than 100 million global consumers through its partnerships with security and service providers that include Blue Coat, AOL and Microsoft.