Facebook 'ideal' for phishing attacks: researcher
Last Updated: Saturday, April 14, 2007 | 12:06 AM ET
CBC News
Privacy settings on social networking websites such as Facebook give people a false sense of security that could expose them to phishing attacks, a computer security researcher says.
Facebook and sites like it offer users the opportunity to share varying amounts of information with others on the network, ranging from a restrictive setting that lets only people designated as friends see personal details, to one that lets anyone and everyone read the user's profile.
"This illusion of privacy leads people to be a little freer in their disclosure," Symantec Corp. security researcher Nick Sullivan wrote in a post to the company's security response weblog on Friday.
| JARGON |
|---|
| PHISHING is a technique used by criminals to try to trick people into disclosing sensitive information such as online banking names and passwords, often by sending them e-mails that purport to be from a trusted source. |
A quick scan of Facebook profiles confirms his assertion, with a broad range of information freely offered by the service's users.
The profiles can include e-mail and physical addresses, phone numbers, birthdays, work and education histories and other information that can be compiled into a comprehensive profile.
"This 'private' information found in many accounts is a treasure trove of contextual information for the determined phisher or identity thief, if they can get to it," Sullivan wrote.
One way to do so is to seize control of the account of someone designated a friend or someone in the same network, he said.
Phishers can easily engineer fake notifications that follow the format of legitimate friend requests e-mailed to Facebook members, for example. A typical e-mail would ask a user to click on a link to confirm that they are friends with an individual requesting addition as a friend on the network.
"Some users are conditioned to follow this process whenever they receive an e-mail of this sort," and almost reflexively log in to a site through a link provided in an e-mail, he noted.
"This simple, clean design is very easy for a phisher to mimic … This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions."

