CBCnews

Facebook 'ideal' for phishing attacks: researcher

Last Updated: Saturday, April 14, 2007 | 12:06 AM ET

Privacy settings on social networking websites such as Facebook give people a false sense of security that could expose them to phishing attacks, a computer security researcher says.

Facebook and sites like it offer users the opportunity to share varying amounts of information with others on the network, ranging from a restrictive setting that lets only people designated as friends see personal details, to one that lets anyone and everyone read the user's profile.

"This illusion of privacy leads people to be a little freer in their disclosure," Symantec Corp. security researcher Nick Sullivan wrote in a post to the company's security response weblog on Friday.

JARGON
PHISHING is a technique used by criminals to try to trick people into disclosing sensitive information such as online banking names and passwords, often by sending them e-mails that purport to be from a trusted source.

A quick scan of Facebook profiles confirms his assertion, with a broad range of information freely offered by the service's users.

The profiles can include e-mail and physical addresses, phone numbers, birthdays, work and education histories and other information that can be compiled into a comprehensive profile.

"This 'private' information found in many accounts is a treasure trove of contextual information for the determined phisher or identity thief, if they can get to it," Sullivan wrote.

One way to do so is to seize control of the account of someone designated a friend or someone in the same network, he said.

Phishers can easily engineer fake notifications that follow the format of legitimate friend requests e-mailed to Facebook members, for example. A typical e-mail would ask a user to click on a link to confirm that they are friends with an individual requesting addition as a friend on the network.

"Some users are conditioned to follow this process whenever they receive an e-mail of this sort," and almost reflexively log in to a site through a link provided in an e-mail, he noted.

"This simple, clean design is very easy for a phisher to mimic … This makes Facebook users ideal targets for the type of generic phishing attacks that are usually directed at financial institutions."
