Here are the steps in the process:

1. Cybercriminals purchase Facebook user names and passwords on websites at a cost of $75 to $200 per 1000 matching pairs.

2. Cybercriminals enter accounts and get access to friends, emails, dates of birth, mother’s maiden names, home towns, and vital information from profiles and postings to start online conversations.

3. Messages are sent to friends with information of interest (based on postings) that include a link to a website that results in a malicious executable file being placed on the recipient’s PC.

4. Executable files contain keystroke loggers that capture all user keystrokes on a periodic basis that are emailed to free Gmail or Hot Mail accounts that are set up by the Cybercriminal.

5. Eventually, the user logs into the employer’s network through VPN or Citrix and the cybercriminal captures the user name and password.

6. The cybercriminal enters the corporate network and probes for weaknesses such as those caused by failure to update security patches.

7. A vulnerable server is found and breached resulting in the hacking of confidential information.

Source: http://www.usatoday.com/NEWS/usaedition/2010-03-04-1Anetsecurity04_CV_U.htm?csp=N009

Pfishing Attacks- Pfishers send spoofed emails that highjack the names of trusted companies like banks, credit card companies, e-retailers, etc. in an attempt to trick recipients into visiting counterfeit websites and entering confidential data into web forms. Such confidential data can take the form of account numbers, credit card numbers, social security numbers, user names,  passwords, etc. Once this information has been received, the theft can begin.

Pfarming Attacks- Pfarmers send emails or design websites that plant crimeware into home computers and PC’s that directly extracts confidential information through the use of key logger monitoring software.

Some carriers may allude to coverage for pfishing and pfarming by use of terms unauthorized access or breach of security while the better forms will have affirmative coverage grants. A specific limit may be available for a business to restore their credit after an identity theft has occurred.

Source: With Computers Under Siege, Cyber Insurance To The Rescue