- Category: January - February 2010
A high number of Facebook users are putting themselves at risk by opening their individual profiles to total strangers and by clicking on unknown links that they receive. This is the conclusion of a recent blind study conducted by Check Point Software Technologies Ltd’s Security Research & Response team.
In order to evaluate the real danger posed by social networking sites, Check Point Security Research & Response team simulated a Phishing scam on a random sample of Facebook users. Using a fake and anonymous Facebook profile the company disseminated a private email message including the mention “check out my latest pictures” as well as a link to a URL, then tracked down how many users would actually open the message and click on the link.
Here’s what Check Point found: Out of 200 users that received that email, 71 clicked on the link and tried to access the webpage attached, e.g. 35% of all individuals targeted. If that link had been redirecting to an infected page or to a phishing site, this means that more than 71 machines and users could have been possibly compromised or suffer a Phishing fraud.
Going further, the experiment also showed that many users are easily opening their profiles and unveiling personal information to total strangers. By doing so they expose valuable personal details such as email or private addresses, date of birth, pet’s name, maiden name and more to potential hackers, who could use the information with malicious ends.
“This test clearly illustrates the power of social networking sites to launch wide spread individual Phishing attacks,” comments Guy Guzner, director of security products at Check Point. “For a hacker, it is fairly easy to take advantage of this kind of site to circulate malicious links, worms, Trojans or viruses to a wide panel of trusting users and in no time.”
“Social networkers think that they are navigating in a safe, intimate and private space, however there are lots of cyber-sharks out there that are duping them and posing as "friends" just to steal their personal information and confidential financial details. It is high time for social networkers to acknowledge that social sites are not any safer than any other place on the Internet, and that they should apply the same caution on their social network as on their regular email for instance,” Guzner concludes.
Contributed by Check Point Software Technologies Ltd - http://www.checkpoint.com/