Too Trusting

Spammers are starting to move into the social network sites:

Most social networks have internal messaging systems for communication between members. Petre’s group examined that of Facebook, which boasts 5 percent of the world’s population as its users. While Facebook has an antispam engine, the group found that it was better at filtering out phishing e-mails than preventing spam messages from getting through.

The group started by creating fake profiles to trick users into friending them. They created three profiles, one containing almost no information about the user, one with some information, and one with detailed information. They used those profiles to join popular groups and began sending out friend requests.

Within 24 hours, 85 users had accepted a request from the first profile, 108 from the second, and 111 from the third. Petre says that acceptances began to accelerate, since more than 50 percent of the time, users would accept the request if they shared a “mutual friend” with the fake profile. In some cases, he says, users would send a message asking for more information about how they knew this supposed new friend. The researchers didn’t respond to these requests, but in many cases, Petre says, users accepted the request anyway.

The researchers then posted a link without any explanation to the fake profiles’ walls, using a URL shortener to obscure where the link went. Almost 25 percent of the profiles’ “friends” visited the link, Petre says.

I am pretty picky about who I friend on Facebook. I will generally only accept people that I’ve met in meatspace, or at least had previous interactions with on line. Simply having mutual friends is not sufficient. I might friend someone who I don’t know if they provide a message explaining why they want to be my friend, but never if it’s simply a generic friend request. This just seems like basic common sense to me.

16 thoughts on “Too Trusting”

  1. I have been getting a lot of weird friend requests. Unless I know them or have heard of them, I ignore them.

  2. Not to sound like some old “get off my lawn” curmudgeon (I’m not old enough to be THAT curmudgeonly yet), but for the new generation of computer users, “basic common sense” went out the window along with personal responsibility and maintaining one’s own privacy a LONG time ago.

    Then there are the older people who didn’t grow up with computer and are just too trusting and gullible to stay safe online.

    I occasionally see updates from people I know who have been around computer long enough that they should know better when they join one of these fake/spam groups, and I know that they have a sense of privacy and personal responsibility, so in their case, common sense may have been lacking all along.

  3. I am curious as to how many Facebook users were asked to ‘friend’ the fake profiles. The article fails to specify a rate of return. If they tried 10,000 attempts with no information and only got 85 friends, I’d say the Facebook users got it 99% correct, way above expectations. I think the lack of attempts is a poor data omission.

    Interestingly, the people performing the test (“Petre’s group”) work for an Anti-virus software company. I guess it’s in their best interest for everyone to think that spammers can overrun Facebook. Perhaps I shouldn’t be surprised that the number of attempts was not included in the data.

  4. I friend everyone without hesitation. My self-worth is based entirely on how many people are looking at pictures of my dog.

  5. Everytime you friend someone, you get their feeds. Eventually, you are awash in noise.

    Some people I see frequently, I tell them I will not friend them for this reason. There are more immediate ways to reach me. Therefore, I keep my friends to a minimum.

    And you can still send someone on facebook a message without friending them.

  6. I did a little FB experiment in early February and listed “Automation Labs” as a former employer. For the 18 hours it was listed, I received nearly 100 messages filled with vitriol and hate. I could not respond to the messages as the very next thing the sender did was block me. Fun, fun, fun!

  7. Why would one friend someone who is not an actual friend? Are there prizes?

    For the people who use Facebook as a game system to play Mafia Wars, Farm, and all the other stuff Ethan enjoys. To be fair though, I started out playing the Mafia Wars, and found it useful to get me to login and at least check Facebook. That lasted about 2 weeks until the weather got better.

  8. I did a little FB experiment in early February and listed “Automation Labs” as a former employer. For the 18 hours it was listed, I received nearly 100 messages filled with vitriol and hate. I could not respond to the messages as the very next thing the sender did was block me. Fun, fun, fun!

    Fun, fun, fun!

  9. I actually can’t stand those stupid FB games. But by all means, keep trying to pin me down, it’s pretty funny.

  10. Interestingly, the people performing the test (”Petre’s group”) work for an Anti-virus software company. I guess it’s in their best interest for everyone to think that spammers can overrun Facebook. Perhaps I shouldn’t be surprised that the number of attempts was not included in the data.

    Qui bono. Purveyors of anti-virus software seem to be chronic FUD spreaders.

Comments are closed.