Legal and General, an insurance company with obvious concerns over burglary, has been looking at social media as a tool for burglars. Its report, Digital Criminal 2012: CyberSafety report, highlights the remarkably relaxed attitude users have when they believe they are talking only to their friends, despite the tendency to increase that network to include barely or completely unknown people (a practice known as ‘face bragging’).
For example, nine out of ten Brits (91%) using social media admit they have been asked to connect online with someone they have never met – and more than half have accepted those requests. This is not a new problem. Back in 2007, Sophos created Freddi Staur (an anagram of 'ID Fraudster'), a green frog looking for friends. It found that 41% of users would befriend the toy despite minimal information about it. If anything, Legal and General demonstrates that an old problem is actually getting worse.
The danger highlighted by L&G is the extent of personal data posted to social media accounts. More than half of social media users now discuss evening and holiday plans as a matter of course on Facebook or on Twitter. This is up from 45% in 2009; re-enforcing the notion that users are increasingly relaxed on social media despite the increased frequency of warnings. It’s when these two tendencies come together, accepting unknown friends and telling them what you’re doing, that both cyber and physical criminals are given an open invitation.
The opportunity has not gone unnoticed by the criminals. Michael Fraser, a reformed burglar and star of the BBC's Beat the Burglar show explained the process: “While people are becoming savvier about privacy settings on social networks,” he said, “they can also develop a false sense of security with their online connections.” People think they can trust unknown friends: wrong. They “unwittingly expose a wealth of personal information – a real goldmine for burglars.” Cybercriminals have learnt how to spot an easy target. “For example,” continued Fraser, “someone with over 500 friends on Facebook is very unlikely to know all those people personally and will therefore be much more likely to accept a stranger’s friend request. By befriending a number of the target user’s other friends beforehand, the victim is even more likely to accept the fake friend, inadvertently giving the burglar access to all their personal information.”
Mike Johnson of The Risk Management Group (TRMG) comments, “People are three times more likely to connect to someone they’ve never met if they have a mutual friend in common, due to something known as the Triadic Closure Principle.” Digital criminals are tapping into these insights in order to make their fake profiles as enticing as possible, creating a web of lies to hone in and ensnare potential targets. “In some cases,” continued Johnson, “they even let the victims come to them, thus planting in the victim’s mind the notion that the faked profile must be trustworthy ‘because I chose to approach it’.”
To counter these dangers, L&G offers social media users a five-point checklist: be secure (firewalls, anti-virus, strong passwords, etc); clean up your footprint; check and strengthen the privacy settings; be wary of strangers (that is, adopt the same ‘stranger danger’ principles that we teach our kids); and limit what you publish.