Facebook 'ideal' for phishing attacks: researcher
Last Updated: Saturday, April 14, 2007 | 12:06 AM ET
CBC News
Privacy settings on social networking websites such as Facebook give people a false sense of security that could expose them to phishing attacks, a computer security researcher says.
Facebook and sites like it offer users the opportunity to share varying amounts of information with others on the network, ranging from a restrictive setting that lets only people designated as friends see personal details, to one that lets anyone and everyone read the user's profile.
"This illusion of privacy leads people to be a little freer in their disclosure," Symantec Corp. security researcher Nick Sullivan wrote in a post to the company's security response weblog on Friday.
| JARGON |
|---|
| PHISHING is a technique used by criminals to try to trick people into disclosing sensitive information such as online banking names and passwords, often by sending them e-mails that purport to be from a trusted source. |
A quick scan of Facebook profiles confirms his assertion, with a broad range of information freely offered by the service's users.
The profiles can include e-mail and physical addresses, phone numbers, birthdays, work and education histories and other information that can be compiled into a comprehensive profile.
"This 'private' information found in many accounts is a treasure trove of contextual information for the determined phisher or identity thief, if they can get to it," Sullivan wrote.
One way to do so is to seize control of the account of someone designated a friend or someone in the same network, he said.
Phishers can easily engineer fake notifications that follow the format of legitimate friend requests e-mailed to Facebook members, for example. A typical e-mail would ask a user to click on a link to confirm that they are friends with an individual requesting addition as a friend on the network.
"Some users are conditioned to follow this process whenever they receive an e-mail of this sort," and almost reflexively log in to a site through a link provided in an e-mail, he noted.
"This simple, clean design is very easy for a phisher to mimic … This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions."

