March 22, 2011 at 12:00 PM ET
What's the best way for a hacker to attack Facebook users? A new survey shows an old-fashioned method works pretty well. One out of every five male social network users admits they'll accept any friend request that comes from a woman -- even if that woman is a complete stranger.
Not surprisingly, women are considerably less promiscuous in their "friending" -- only one in 13 said they accept such digital advances from random male strangers, according to the survey conducted by Harris Interactive. But taken together, the survey suggests that some 13 million U.S. adults are willing to accept any random friend request, which usually means giving strangers access to all the intimate details of their lives.
"Americans' lack of caution in friending members of the opposite sex online is striking," said Thomas Oscherwitz, chief privacy officer for ID Analytics, Inc., which sponsored the research. "Friending someone online is not risk-free. … Most social networking profiles contain personal information that can be used by fraudsters, and when you friend someone, you are giving them access to this information."
Criminals who send out friend requests en masse are bound to find many takers, the survey shows. Once they've achieved "friend status," they instantly acquire numerous vectors for attack. They can cull pages for password hints, such as high school mascots, birthplaces or names of relatives and pets. In fact, a prior ID Analytics study found that 70 million Americans reveal their place of birth on a social networking site, often a key piece of information used in Web site "lost your password" retrieval tools. About 20 million Americans reveal their pets' names.
Criminals don't have to do the direct route, however. They can often start collecting data from friends of friends. And they can usually post spam messages on consumers' walls once they achieve trusted status.
Other disturbing findings suggest criminals might not even have to work that hard to use Facebook as a crime platform. ID Analytics estimates that 24 million U.S. adults still keep their profiles open to anyone, making them an easy target for data mining. Once again, men are more lax than women, with 28 percent of male adults skipping any steps to lock down their profiles, vs. 17 percent of women.
Staying private with a little help from friends? Not really.
Not that people trust their friends anyway. The survey found that half of all social network users don't trust their friends to keep their own personal information safe. There's a gender split here, too. Women may be skeptical of strangers, but they are quite a bit more trusting of their friends: Only four in 10 women said they didn't trust friends, compared to six in 10 men.
"In a way, that makes sense, because they are more picky about who their friends are," Oscherwitz said of the women respondents.
Not just being polite
One thing on which there seems near universal agreement: It's OK to ignore people online. Regardless of age or gender, nearly nine of 10 adults don't think it's rude to refuse or ignore an electronic friend request. That means social mores aren't contributing to inflated friend acceptance, just typical unsafe behavior online.
Help with work
The survey does offer a hint about why consumers might be overly digital friendly at the moment -- 39 percent of U.S. adults think it's important to make "as many business connections as possible" when using the Internet, perhaps out of a reasonable desire to network to bolster employment security or prospects. Users take a decidedly more conservative approach to friendly connections online, with only 19 percent saying they wanted to create "as many social connections as possible."
But there's a dangerous disconnect in that disparity, Oscherwitz said. It's often hard, if not impossible, to separate social and business functions when using networking websites. Even those who use different websites, or different identities, to separate work and play find the two end up overlapping.
"Consumers are still trying to understand the rules of the road for how to operate in this world," Oscherwitz said.
One element many consumers might not consider: Often, Facebook friends are for life. That adds to the level of risk. For example: Your Facebook usage might have been minimal a year ago, when you accepted your first 200 random friend requests. But perhaps later, you become a more active user, divulging many more details about your personal life, and becoming more selective in accepting friend requests. But those original random friends still have access to all those details.
It's relatively easy to weed out (delete) unwanted friends, but few social network users take the time to carefully prune their connections on a regular basis. That makes it all the more important whom you do and don't allow into your trusted spaces.
"There are people who may not be in your life any more, but are still your friends on Facebook," Oscherwitz said. "And don't forget friends of their friends and your friends, who may be able to access all that information."
RED TAPE WRESTLING TIPS
Oscherwitz offers three basic reminders for consumers who want to protect themselves: Be careful what you share, protect what you have and monitor what's happening to you.
1. Share carefully
Naturally, it's important to consider which friend requests you approve and which you ignore. If you've been careless in the past, now's a great time to prune your friends list. That's the kind of thing you should probably do at least twice per year -- like changing your smoke detector batteries every time the clock changes for daylight saving time.
2. Protect what you have
It's always a good time to tweak your social network privacy settings. Here's one instruction kit for doing that.
At least once a month, conduct a "vanity Google search" and see what the world knows about you. You can also view your "public" profile on Facebook, or even pick some random friends and see how your profile appears to them.
There are other tools that make monitoring your identity easy. AnnualCreditReport.com offers the only free way to make sure your credit history is accurate. And ID Analytics offers a free tool at MyIDScore.com, which culls the firm's extensive list of transaction data for signs that your identity might be compromised.