In other words, the cybercriminal will wait months and allow their intended malicious site to develop a clean reputation within ad networks. It will allow the site to accept categorizations and pass multiple sweeps for malware in order to seem innocent and gain a trusted position within Web advertising. Once that is accomplished, the site will launch an attack during a particularly vulnerable time, such as the weekend when IT support staff is low, the report said.

Roughly 75 percent of phishing attacks now reside on trusted domains that have been hacked

Cybercriminals use search engines to find domains that use vulnerable-hosting software. These domains are prime hacking candidates, according to the research. are more common to reputed websites now because criminals know users often have the same credentials for several accounts, including bank accounts and social networking accounts. Chances are if a thief gets a hold of your Facebook log in or banking password, they will be able to use it in other lucrative places.

See also:

"Most people associate phishing with SPAM and email attacks; however, social networking has opened a new door for social engineering web-based phishing attacks," the report states. "While classical phishing still exists, cyber crime has moved to social networking attacks to enter the picture as a trusted link between friends, either to deliver malware or to phish for confidential and financial information."