Facebook Scams Succeed Because Friends Don't Warn Each Other: Survey

 
 
By Fahmida Y. Rashid  |  Posted 2011-03-29
 
 
 

Social networking sites can do so much more to protect their users from malware and social engineering attacks. A recent research study suggests users have to shoulder some of the responsibility, too.

A majority of users are unaware that posts on Facebook could pose a security risk and those who were aware did not warn their friends of suspicious links, according to the results of a BitDefender study released March 29.

In a survey of 2,700 users between the ages of 18 and 65, BitDefender found that only about 43 percent of the responders warned their friends if they noticed suspicious posts and activity on their friends' newsfeeds. Most of the participants clearly recognized the threats, as 87 percent said they had noticed when a suspicious application went "wild" on their friends' news feeds, such as the number of people who have viewed the profile, wrote Sabina Dactu, e-threats analysis and communications specialist at BitDefender, on the MalwareCity blog.

Despite recognizing something was wrong, a majority of the survey participants, or 68 percent, didn't warn their friends because they had clicked on the link themselves and helped spread the infection, Dactu said. Others either didn't have the time to let friends know or just didn't want to bother, she said.

"Friendship has its limits, doesn't it?" Dactu wrote.

On average, participants had 137 friends on a social network, but nearly 42 percent of those friends were people they didn't actually know, according to BitDefender's report.

A separate report by ID Analytics released March 22 reached similar conclusions. Men on social networking sites were more likely than women to accept "friend" requests from members of the opposite sex, regardless of how well they know the requester, the ID Analytics report found. In fact, the report estimated that 5 percent of adults in the United States will accept any friend request they receive, even if it came from a stranger, according to the report.

The concept of a friend is very fluid in the online world, Thomas Oscherwitz, chief privacy officer for ID Analytics, told eWEEK. People are beginning to realize that they are exposing a lot of private information to these strangers on social networking sites.

BitDefender also recently analyzed Facebook scams and found that the top techniques offered some kind of stalking, such as letting users see "who viewed your profile," or features that Facebook doesn't offer, such as "who poked me the most," according to BitDefender. "Profile traffic insights," or stalking apps, accounted for 34.7 percent of the analyzed scams. BitDefender estimated that this particular type of scam has generated more than 1.4 million clickthroughs.

"Shocking images" accounted for 14.1 percent, and were links to fake news articles or videos with titles about how amazing or frightening the following item was. There were also scams for games not actually offered by Facebook, which made up 8 percent, according to BitDefender's analysis.

While most of these malware apps are eventually shut down by Facebook, some of these apps can do more than just spam newsfeeds and trick users into filling out surveys. They have access to users' personal information, which can be used by the attackers in a follow-up targeted attack, or sold to someone else, according to BitDefender.

A staggering 93 percent of the respondents stated that they either don't need a security solution for Facebook or that they were unaware of the existence of these solutions, said Dactu.

Rocket Fuel