Facebook, LinkedIn, MySpace and Twitter users are
more vulnerable to financial loss, identity theft and malware
infection than they realise, a survey has revealed.
Social networking sites encourage users to behave in risky
rays, the survey of more than 1,000 users by security firm
Webroot found.
Three in 10 people admitted they had been attacked by
cybercriminals through social networking sites in the past
year.
These attacks include identity theft, malware infection,
unauthorised password changes and friend-in-distress scams.
Yet, two-thirds of respondents said they did not restrict any
details of their personal profile from being visible to search
engines.
Some 80% allow at least part of their profile to be accessed by
search engines and more than half are not sure who can see their
profile.
Criminals typically use personal information to guess passwords
and access accounts, warned Mike Kronenberg, chief technology
officer at Webroot's consumer division.
"A third of those polled said they include at least three pieces
of personally identifiable information in their profiles," he
said.
Once criminals are able to access accounts they hijack them to
send legitimate looking messages containing malware to other
members of the social network.
More than a third of respondents said they use the same password
across multiple sites, which means if one account is compromised,
all others are vulnerable.
This risk is higher among users under 30, where 51% said they
used the same password for all online accounts.
Social networkers should use privacy setting to restrict access
to personal information, restrict personal information in profiles
and use different passwords, said Kronenberg.
"Malware authors are continually writing new programs to avoid
detection, so even if users have anti-malware installed, they
should remain vigilant," he said.