Researchers at SUNY Buffalo have found that habitual Facebook users — those who are on the site more frequently than their peers — were more susceptible to phishing scams. How did they figure this out? By asking them about their habits and then surreptitiously creating a fake friend who then asked them for private information, including their student ID number and date of birth.
Quoth the researchers:
￼Arun Vishwanath (Associate Professor of Communication, University at Buffalo – State University of New York) subjected 150 college students to real phishing attacks on Facebook. At the beginning of the semester students were asked to participate in an online survey on general technology use, buried among these questions were measures for their Facebook usage habits. Six weeks after the survey, the participants were located on Facebook and each student was sent a friend-request from a phony Facebook account. Two weeks later, an information-request was sent to them from that profile. This communication asked for the participants’ student ID number, e-mail username, and date of birth.
It turns out the more you used the service the more likely you were to give up your information. While we could argue that the information provided was innocuous, it’s a very interesting correlation. As we begin to trust these services with more and more information, the researchers posit, we become less careful about what we send to whom.
“We need to next develop remedial interventions that target such individuals and help them develop better cyber-hygiene,” said Vishwanath. “This would not only help them but it will also protect all of us from phishing attacks, since the Pew Center has estimated that the average Facebook user can reach anywhere from 70,000-150,000 other people through their friends networks.”
The experiment appeared in the Journal of Computer-Mediated Communication and is an effort to help folks stop falling for phishing scams. I’d be happy to send you more information, incidentally, if you enter your home address and work hours in the comments below. After all, friends help friends.