Report: Bad guys go social; Facebook tops security risk list

A new security report finds that bad guys are targeting social networking sites like Facebook to spread malware.
Written by Sam Diaz

Internet bad guys hit Facebook, Twitter and other online social properties in a big way this past year, looking for ways to rummage through your personal information and trick you into clicking some bad links for them.

A report published today by IT security firm Sophos said that spam and malware on social networking sites are on the rise, with 57 percent of users reporting that they have been spammed on social networking sites, an increase of nearly 71 percent from a year ago. Likewise, 36 percent said they have been sent malware via social networking, up nearly 70 percent from the previous year.

And the majority seem to be eyeing Facebook. Among the respondents, 61 percent said that Facebook poses the biggest security risk, followed by MySpace, with 18 percent, and Twitter, with 17 percent. Only 4 percent considered LinkedIn to be the biggest security risk site. To put it into perspective, Graham Cluley, senior technology consultant for Sophos, said:

“We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard. The truth is that the security team at Facebook works hard to counter threats on their site – it’s just that policing 350 million users can’t be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet.”

Here's something that struck me as interesting: 72 percent of the firms surveyed said they're concerned that employee behavior on these sites puts their infrastructures and sensitive data at risk. Yet, 49 percent of these firms allow their staff unfettered access to Facebook, up 13 percent from a year ago.

A detailed report, as well as some predictions for emerging cybercrime trends, is available for download. (PDF)
