A high number of Facebook users are still putting themselves at risk by opening their individual profiles to total strangers and by clicking on unknown links that they receive. This is the conclusion of a recent blind study conducted by our Security Research & Response team.
By Check Point’s Security Research & Response Team
To evaluate the real danger posed by social networking sites, Check Point Software’s Security Research & Response team simulated a phishing scam on a random sample of Facebook users. Using a fake, anonymous Facebook profile, we sent a private email message that asked users to “check out my latest pictures” and included a link to a URL. We then tracked how many users would actually open the message and click on the link.
We found that out of 200 users who received that email, 71 clicked on the link and tried to access the linked webpage, i.e. 35% of all individuals targeted. If that link had redirected to an infected page or a phishing site, more than 71 machines would have been compromised and 71 users could have been subject to a phishing fraud.
Going further, the experiment also showed that many users unveil their profiles and personal information to total strangers. By doing so they expose valuable personal details such as email, private addresses, date of birth, pet’s name, maiden name and more to potential hackers.
“This test clearly illustrates the power of social networking sites to launch widespread individual phishing attacks,” comments
“It is very important for social networkers to acknowledge that social sites are not any safer than any other place on the Internet,” Guzner concludes.
Anyone who enjoys social networking should follow a few simple tips:
* Don’t click on suspicious links
* Use advanced anti-phishing within your browser. While basic anti-phishing will block known dangerous sites using “signature” lists, advanced anti-phishing will also block new phishing sites that have not yet publicly been identified as dangerous. With millions of phishing sites reported and growing, this extra protection is essential.
* Use advanced browser security that can also protect you from downloading something dangerous. It will also safeguard your computer against invisible “drive-by-downloads” that infect your PC when you merely view a compromised site.