Facebook 'ideal' for phishing attacks: researcher
Last Updated: Saturday, April 14, 2007 | 12:06 AM ET
CBC News
Related
Internal Links
External Links
(Note: CBC does not endorse and is not responsible for the content of external sites - links will open in new window)
Privacy settings on social networking websites such as Facebook give people a false sense of security that could expose them to phishing attacks, a computer security researcher says.
Facebook and sites like it offer users the opportunity to share varying amounts of information with others on the network, ranging from a restrictive setting that lets only people designated as friends see personal details, to one that lets anyone and everyone read the user's profile.
"This illusion of privacy leads people to be a little freer in their disclosure," Symantec Corp. security researcher Nick Sullivan wrote in a post to the company's security response weblog on Friday.
| JARGON |
|---|
| PHISHING is a technique used by criminals to try to trick people into disclosing sensitive information such as online banking names and passwords, often by sending them e-mails that purport to be from a trusted source. |
A quick scan of Facebook profiles confirms his assertion, with a broad range of information freely offered by the service's users.
The profiles can include e-mail and physical addresses, phone numbers, birthdays, work and education histories and other information that can be compiled into a comprehensive profile.
"This 'private' information found in many accounts is a treasure trove of contextual information for the determined phisher or identity thief, if they can get to it," Sullivan wrote.
One way to do so is to seize control of the account of someone designated a friend or someone in the same network, he said.
Phishers can easily engineer fake notifications that follow the format of legitimate friend requests e-mailed to Facebook members, for example. A typical e-mail would ask a user to click on a link to confirm that they are friends with an individual requesting addition as a friend on the network.
"Some users are conditioned to follow this process whenever they receive an e-mail of this sort," and almost reflexively log in to a site through a link provided in an e-mail, he noted.
"This simple, clean design is very easy for a phisher to mimic … This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions."
Share Tools
Top News Headlines
- Quebec man charged with killing mother, 2 nieces
- A 35-year-old man has been charged with three counts of first-degree murder in connection with the deaths of his mother and two young nieces in Quebec's Eastern Townships. more »
- Manitoba trailer fire kills 4
- Four people are dead after an early-morning fire quickly engulfed a residential trailer in Selkirk, Man. more »
- Harper's China visit ends with panda pact
- Prime Minister Stephen Harper wrapped up a visit to China aimed seeking new investments by officially announcing that Beijing will loan two of the country's prized giant pandas to Canadian zoos. more »
- Attawapiskat sites not ready for modular homes
- The first two of 22 modular homes promised by the federal government to Attawapiskat are on their way to the remote northern Ontario community, but the minister handling the Aboriginal Affairs portfolio is expressing concern over the "readiness" of the lots. more »
Latest Technology & Science News Headlines
- Ancient Antarctic lake may harbour microbial life
- If scientists find microbes in a frigid lake 3.2 kilometres beneath the thick ice of Antarctica, it will illustrate once again that somehow life finds a way to survive in the strangest and harshest places, and it will offer hope that life exists beyond Earth. more »
- B.C. killer whale habitat protection ruled a legal duty
- The federal minister of fisheries has no discretion when it comes to protecting the critical habitat of B.C.'s southern resident killer whales, the Federal Court of Appeal has ruled. more »
- Game developer seeks $400K, makes $1M in a day
- Videogame studio Double Fine went on the website Kickstarter to raise $400K US in a month to develop a new game. They reached that target in a matter of hours. more »
- McGill asbestos study review criticized
- A group of anti-asbestos activists and scientists are criticizing McGill University's plans for an internal review of a major asbestos research study that has been called into question. more »
Bob McDonald's Blog
Glacier Discovery Walk: Will the visitor centre enhance the view? Feb. 10, 2012 3:17 PM Environment minister Peter Kent has announced the construction of a new Glacier Discovery Walk and visitor centre on the Icefields Parkway in Jasper National Park. It raises the issue of how to balance commercial development in our National Parks against the preservation of the last refuges of wilderness.
Quirks & Quarks
- February 11: Inside the Mind of a Neandertal Feb. 10, 2012 4:01 PM Can we get inside the mind of a species that's been dead for 30,000 years? A new book, How to Think Like a Neanderthal, suggests we can. The authors reconstruct a creature like us in many ways, but with important differences.
Latest Features
- Pop queen Whitney Houston dies at 48
- Quebec man charged with killing mother, 2 nieces
- Harper's China visit ends with panda pact
- Weed Man's sales tactics draw fire from consumer ministry
- Manitoba trailer fire kills 4
- Attawapiskat sites not ready for modular homes
- Emailed rave rape pictures earn teen probation
- Ultimate Tazer Ball combines shock and soccer
- Crane drops section of Port Mann bridge into B.C. river
