Do you really know all your Facebook “friends’’?
Beware, if your answer is ‘No’, as researchers say you could be putting your private details at risk every time you say ‘Yes’ to an unknown friend request.
A team at the University of British Columbia in Canada found a worrying way to evade Facebook’s security measures entirely and harvest information from the popular social networking site.
They created a team of “fake” Facebook users who were able to harvest tens of thousands of email addresses and private information from unsuspecting users, without human input, the Daily Mail reported.
Such basic information is often sufficient to launch an identity theft attack or launch a “phishing” attack to pilfer somebody’s bank details, said lead researcher Yazan Boshmaf.
“An attacker could do many things with this data.”
According to the researchers, the fake Facebook users, known as Socialbots, were software agents that function almost like a social computer virus and can manipulate a Facebook account, pretending to be a human being.
The ‘Socialbots’ created by the team began sending friend requests to random users. Each was armed with a profile picture and name — but were totally unknown to their new “friends’’.
The team found that one in five users accepted the friend requests, even without knowing them. The figure rose when the ‘Bots’ attempted to befriend the friends of the “friends” they already had on the network.
Because the ‘Bots’ seemed to be friends of friends, 60 per cent of people accepted the requests.
The team unleashed 102 Socialbots on the network. Within weeks, they had made 3,000 friends, they reported in New Scientist.
According to the researchers, many people’s privacy settings ‘shield’ private data such as email addresses or their physical address from the public — but leave the data open to friends.
The team of Socialbots were able to harvest 46,500 email addresses and 14,500 physical addresses from users’ profiles.
The attack launched by Boshmaf’s team was small scale — and Facebook’s defences could pick up on large numbers of socialbots.
But if the software were “cleverer” than the basic models used by Boshmaf, then Facebook’s protection would be rendered useless, the researchers added.