The report outlined the emergence of two distinct types of cyber criminal. The first, a highly sophisticated, well-informed individual who pursued high-value opportunities with large payoffs.
The second was an individual skilled at exploiting social relationships to con small amounts of money from a large number of people.
"Microsoft and the rest of the software industry have significantly improved customer protection and guidance over the last few years.
"These efforts are making a difference, but there is more work to do. We continue to see cyber criminals evolve their attack methods, such as the significant rise in social network phishing," Mr Rees said.
The report said phishing using social networking as a lure increased from 8.3% of all phishing in January last year to 84.5% by December that year.
The huge increase was a direct result of the rise in social networking sites.
"These techniques add to an already extensive list of social engineering techniques, such as financial and product promotions, to extort money or trick users into downloading malicious content."
The report also found that worldwide detection of adware increased 70% within a six-month period last year, Mr Rees said.
Symantec discovered that certain Facebook applications leaked tokens that acted essentially as "spare keys" for accessing profiles, reading messages, posting to walls or other actions.
Facebook applications are web software programs that are integrated on to the leading online social network's platform.
Symantec said 20 million Facebook applications, such as games, were installed every day.
The tokens were being leaked to third-party applications including advertisers and analytics platforms allowing them to post messages or mine personal information from profiles, Nishant Doshi, of Symantec, said.
"Fortunately, these third parties may not have realised their ability to access this information," he said in a blog post.
"We have reported this issue to Facebook, who has taken corrective action to help eliminate this issue."
Symantec estimated that as of April, nearly 100,000 applications were giving away keys to Facebook profiles.
"We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties," Mr Doshi said.
Facebook confirmed the problem, which was discovered by Mr Doshi and Symantec colleague Candid Wueest, according to the computer security firm.
There was no reliable estimate of how many tokens had been leaked since the release of Facebook applications in 2007.
Despite whatever fix Facebook had put in place, token data might still be stored in files on third-party computers, Symantec warned.
"Concerned Facebook users can change their Facebook passwords to invalidate leaked access tokens," Mr Doshi said.
"Changing the password invalidates these tokens and is equivalent to 'changing the lock' on your Facebook profile."
Ovum principal analyst Graham Titterington said while criminals worked to evolve their attack methods, Microsoft and the industry would continue to collaborate with partners and customers to improve security and privacy and increase awareness.