Friday, December 07, 2007

Bad Mashup: Phishers Love Your Social Data

I think a lot about social Web services, the naiveté of users/consumers, and the social contract between those services and you. On the one hand, the Terms of Service of many social sites are distinctly anti-social (the subject of an upcoming post). On another hand, and far outside your social network and service provider, are predators who have free access to your data (which, by the way, is not necessarily under your control, as suggested above). Those predators, the phishers of your assets, and you make a nasty mashup in which you have nothing to gain and stand to lose a great deal. All this seems to add up to our living in a sad period of time when you, a member of an online social network, are being rewarded for posting your content by getting the shaft from many sides.

In another post I'll talk about the Terms of Service, under which you enjoy the benefits of membership in a social network but lose control of your content and personal information. It would be theft if only you hadn't agreed to the terms. In this post, we'll just talk about how you hand over to thieves, literally, the keys to your castle.

When you post your contacts to Facebook or to LinkedIn, you expose to the public information about yourself. That's what social networking is for, right? It seems harmless, even useful, to display for all the world to see information about who you know, where you live, what your interests are, and your thoughts about work and play. In a protected environment it would indeed be harmless, and when you're looking for a job it could indeed be very useful. But while you are writing on walls and extending your network, a spider is harvesting your FOAF data, your contacts, your profile, your contact information, and other data. And using your data, someone or something is crafting an attack in which one of your contacts is spoofed as the sender of a personalized email message, the purpose of which is to direct you to a compelling Web site where you eagerly hand over your user id and password to a very private account that holds your tangible wealth. Nice, huh?

In a high-profile (and controversial) experiment, students at a Big Ten school were sent phishing emails from their friends and buddies - spoofed, of course, with data harvested from social networks. 72% of them handed over their user accounts and passwords. Seventy-two percent!!!

Don't run and hide. Don't rip down your Facebook account. Just think about the data you post, and stop to think before you log in to a web service that your friend recommends. Better yet, send a text message and ask if the email was legit, and while you're at it, ask about the service. Look at the URL, and Google the service - do things match? Hey, your friends are nowhere near as smart as you are, eh?
