• Discuss

Social Networkers Are Slack On Internet Security

• June 29, 2009
• By Nathan Eddy

A Webroot survey has found those using social networks such as MySpace and Facebook are not doing enough to protect themselves from hackers and phishing scams.

A survey from internet security software company Webroot has found members of online social networks may be more vulnerable to financial loss, identity theft and malware infection than they realise.

Surveying more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, the company uncovered numerous behaviours that put social networkers' identities (and wallets) at risk.

Among the results of the survey, two thirds of respondents didn’t restrict any details of their personal profile from being visible through a public search engine such as Google, and more than half aren't sure who can see their profile. About one third include at least three pieces of personally identifiable information, while more than one third use the same password across multiple sites, and one-quarter accept "friend requests" from strangers.

“The amount of time spent on communities like Facebook last year grew at three times the rate of overall internet growth," said Mike Kronenberg, chief technology officer of Webroot's consumer business, which has presented hackers with a huge target. "Three in 10 people we polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorised password changes and 'friend in distress' money-stealing scams.”

Kronenberg said the first step to staying protected was being aware of what the threats are and knowing how to help prevent them, noting cyber-criminals employ various types of trickery and malware to capitalise on risky behaviours. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, by visiting a disreputable site outside the social network.

The popular social networking site Facebook was recently the target of multiple phishing scams, as have been MySpace and Twitter earlier in the year. "Hackers lure users into taking actions they shouldn't by making it appear as if a friend within their social network has sent them a message – only the message is from a hacker who's hijacked the friend's account," said Kronenberg. "We've seen instances where a message includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things – spam your friends, monitor your online activity or record your personal information."

The results of the Webroot survey indicate a general lack of awareness of the security risks on social networks and the tools available to protect personal information, as well as higher rates of risky behaviour exhibited by younger social networkers. The survey found 18-29 year olds are more likely to use the same password across multiple sites (51 percent, versus 36 percent overall), share more personal information that may compromise online privacy (67 percent share birth date, versus 52 percent overall) and experience a security attack (nearly 40 percent, versus 30 percent overall).