::Trend Micro Threat Resource Center::

26 June 2009

Hackers Targeting Social Network Users

Users of online social networks may be more vulnerable to financial loss, identity theft and malware infection than they realize, according to a new survey from security software firm Webroot.

The survey found that two-thirds of respondents don't restrict any details of their profiles from being visible through a search engine like Google, and over half are not sure who can see their profile.

About one third include at least three pieces of personally identifiable information and more than one third use the same password for multiple sites. In addition, one quarter accept "friend requests" from strangers.

"The growth of social networks presents hackers with a huge target. The amount of time spent on communities like Facebook last year grew at three times the rate of overall Internet growth," said Mike Kronenberg, chief technology officer of Webroot's Consumer business.

"Three in ten people we polled experienced a security attack through a social network in the past year, including identity theft, malware infection, spam, unauthorized password changes and 'friend in distress' money-stealing scams. The first step to staying protected is being aware of what the threats are and knowing how to help prevent them."

Cybercriminals use various types of trickery and malware to take advantage of risky behaviors. One common tactic is phishing, which hackers use to entice victims into downloading an infected file, visiting a risky site outside the social network, or wiring money to a "friend in distress."

Webroot says that in recent months it has seen an increase in these types of attacks on social networks, including "Trojan-MyBlot," which targeted users of MyYearbook.com, and others targeting Facebook users.

"Hackers lure users into taking actions they shouldn't by making it appear as if a friend within their social network has sent them a message - only the message is from a hacker who's hijacked the friend's account," continued Kronenberg.

"We've seen instances where a salacious yet poorly worded message like, 'This video of u is evrywhere' includes a link that, when clicked, prompts the user to download a seemingly legitimate file which, once on your PC, can do a number of things -- spam your friends, monitor your online activity or record your personal information."