Social Networkers Don't Surf Safely, Report Says

Survey results from Webroot indicate users of online social networks such as MySpace and Facebook are not doing enough to protect themselves from hackers and phishing scams.

A survey from Internet security software company Webroot finds members of online social networks may be more vulnerable to financial loss, identity theft and malware infection than they realize. Surveying more than 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, the company uncovered numerous behaviors that put social networkers' identities (and wallets) at risk.

Among the results of the survey, two-thirds of respondents don't restrict any details of their personal profile from being visible through a public search engine such as Google, and more than half aren't sure who can see their profile. About one-third include at least three pieces of personally identifiable information, more than one-third use the same password across multiple sites, and one-quarter accept "friend requests" from strangers.

Mike Kronenberg, chief technology officer of Webroot's consumer business, said the growth of social networks presents hackers with a huge target. "The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth," he said. "Three in 10 people we polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorized password changes and 'friend in distress' money-stealing scams."

Kronenberg said the first step to staying protected is being aware of what the threats are and knowing how to help prevent them, noting cyber-criminals employ various types of trickery and malware to capitalize on risky behaviors. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, visiting a disreputable site outside the social network.
The popular social networking site Facebook was recently the target of multiple phishing scams, as was MySpace earlier in the year. "Hackers lure users into taking actions they shouldn't by making it appear as if a friend within their social network has sent them a message - only the message is from a hacker who's hijacked the friend's account," said Kronenberg. "We've seen instances where a message includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things -- spam your friends, monitor your online activity or record your personal information."

Results of the Webroot survey indicate a general lack of awareness of the security risks on social networks and the tools available to protect personal information, as well as higher rates of risky behaviors exhibited by younger social networkers. Survey results show 18-29 year olds are more likely to use the same password across multiple sites (51 percent, versus 36 percent overall), share more personal information that may compromise online privacy (67 percent share birth date, versus 52 percent overall) and experience a security attack (nearly 40 percent, versus 30 percent overall).

In general, pro-active social networking security standards are low, the survey found. Eighty percent of respondents allow at least part of their profiles to be searchable through Google or other public search engines and 73 percent don't restrict any profile information from being visible through public search. About one-third (32 percent) include at least three pieces of identifiable information.