sciencetech-blog

comments

If you regularly check your Facebook account, respond to messages and like posts you could be an easy target for cybercriminals.

In a recent study, researchers subjected students to phishing attacks on Facebook, using a fake profile.

They discovered that the majority of regular Facebook users will accept fake friend requests, but those who use the site habitually are more susceptible to fraud and phishing attacks.

Students at the University of Buffalo were asked to participate in an online survey about technology use, including how often they used Facebook, and how concerned they were about security and privacy. Each student was then sent a fake friend request, followed by a phishing message

The research was carried out by Dr. Arun Vishwanath, author of the Journal of Computer-Mediated Communication study.

He asked 150 students at the University of Buffalo to participate in an online survey about technology use.

Buried among the questions were measures to determine each student's Facebook usage, habitual Facebook use, total size of their Facebook social network, and their concern for privacy.

Six weeks later, each student was sent a friend request from a fake Facebook account, created specifically for the study, and all requests were sent to the 150 students within minutes of each other.

A further two weeks later, all the subjects who accepted the fake friend were sent a Facebook message from the fake profile.

To appear similar to a phishing email attack, this message had a grammatical error and a deadline in the body of the text.

The phisher stated that someone he knew was looking for interns, and that interested individuals should respond within three days with their student ID number, email user name and date of birth.

The majority of students who used the site regularly accepted the fake friend request.

But, only the most habitual users fell victim to the phishing attack.

The phishing messages (pictured) stated that someone the user knew was looking for interns, and interested individuals should respond with their personal details. The majority of students who used the site regularly accepted the fake friend requests, but, only the most habitual users fell victim to the phishing attack

'In social media platforms such as Facebook, messages sent within the platform show the picture of the sender,' said Dr Vishwanath.

'It is conceivable that habitual Facebook users see the pictures, presume it is from a friend, and automatically respond to such requests without considering how they are connected with the person, how long they have known him, or who else is connected to that individual.

'Perhaps being connected to a large number of people makes it difficult to discern a friend from a stranger; or frequently interacting with the platform makes individuals more likely to overlook the nuances in the message that might reveal deception.

'Hence, habitual Facebook users appear significantly more likely to be inattentive and automatically provide the information requested by a phisher.'