Boulder, CO – June 24, 2009
Members of online social networks may be more vulnerable to financial loss, identity theft and malware infection than they realize, according to a new survey from Webroot, a leading provider of Internet security software for the consumer, enterprise and SMB markets.
Surveying over 1,100 members of Facebook, LinkedIn, MySpace, Twitter and other popular social networks, Webroot uncovered numerous behaviors that put social networkers’ identities and wallets at risk. Among the highlights:
- Two-thirds of respondents don’t restrict any details of their personal profile from being visible through a public search engine like Google;
- Over half aren’t sure who can see their profile;
- About one third include at least three pieces of personally identifiable information;
- Over one third use the same password across multiple sites; and
- One quarter accept "friend requests" from strangers
"The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth," said Mike Kronenberg, chief technology officer of Webroot’s Consumer business. "Three in ten people Webroot polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorized password changes and "friend in distress" money-stealing scams. The first step to staying protected is being aware of what the threats are and knowing how to help prevent them."
Social Networks Present New Opportunities for Cybercriminals
Cybercriminals employ various types of trickery and malware to capitalize on risky behaviors. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, visiting a disreputable site outside the social network, or wiring money to a "friend in distress."
In recent months, Webroot has seen an increase in these types of attacks on social networks, including "Trojan-MyBlot," which targeted users of MyYearbook.com, and others targeting Facebook users including "Koobface" and several spread through the domains "mygener.im," "ponbon.im" and "hunro.im."
"Hackers lure users into taking actions they shouldn’t by making it appear as if a friend within their social network has sent them a message – only the message is from a hacker who’s hijacked the friend’s account," continued Kronenberg. "We’ve seen instances where a salacious yet poorly worded message like, ‘This video of u is evrywhere’ includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things -- spam your friends, monitor your online activity or record your personal information."
Hackers can also use less sophisticated means to execute attacks on social networks: The Webroot survey respondents who reported experiencing identity theft, a hijacked account and unauthorized username or password changes may have been victimized by hackers who were able to access their profiles and guess their passwords based on the personal information they included.
Results indicate a general lack of awareness of the security risks on social networks and the tools available to protect personal information, as well as higher rates of risky behaviors exhibited by younger social networkers.
Social networkers make private information public:
- 80 percent allow at least part of their profiles to be searchable through Google or other public search engines; 66 percent don’t restrict any profile information from being visible through public search
- Over half (59 percent) of respondents aren’t sure who can see their profile
- Over one quarter (28 percent) accept friend requests from strangers; of those, one third (36 percent) do not cloak any of their profile information
- About one third (32 percent) include at least three pieces of identifiable information
Privacy concerns outweigh protective actions:
- 78 percent expressed some concern over the privacy of the information they share in their profiles
- However, 36 percent use the same password across multiple sites
- And 30 percent do not have adequate protection against viruses and spyware
Younger users take more risks – 18-29 year olds are more likely to:
- Use the same password across multiple sites (51 percent, versus 36 percent overall)
- Accept a friend request from a stranger (40 percent, versus 28 percent overall)
- Share more personal information that may compromise online privacy (67 percent share birth date, versus 52 percent overall; 62 percent share home town, versus 50 percent overall; 45 percent share employer, versus 35 percent overall)
- Experience a security attack (nearly 40 percent, versus 30 percent overall)
Tips for Safe Social Networking
Webroot recommends the following actions to protect privacy and prevent threats on social networks.
- Guard your personal information – Use privacy settings to restrict who can see your sensitive information, or consider omitting all personal information from your profile
- Be skeptical -- E-mails, friend requests, Web site links and other items from sources you do not know could be laced with malware
- Choose passwords wisely -- Use different passwords for each of your sites; select a randomized combination of numbers and letters
- Have antivirus and antispyware protection – Even if you think you’re not infected, scan your machine for dormant viruses with a free scan; and protect your PC with an Internet security suite that includes antivirus, antispyware, and firewall technologies
- Always install updates – If you’re already using antimalware software, be sure to install updates which include the latest malware definitions; do the same with updates to your operating system
- Even with security in place, remain vigilant – Malware authors are continually writing new programs to avoid detection, so pay close attention to suspicious behavior
Webroot offers several comprehensive Internet security solutions for consumers including Webroot® AntiVirus with AntiSpyware, and Webroot Internet Security Essentials.
©2015 Webroot Inc. All rights reserved. Webroot, SecureAnywhere, and Webroot SecureAnywhere are trademarks or registered trademarks of Webroot Inc. in the United States and other countries.