Social networking users expose passwords online
A CPP white paper




November 2011
Contents

                                      1.1 Foreword
                                      1.2 Background News
                                      1.3 Research methodology
                                      1.4 Key Findings

                                                   - One third (32%) of Facebook profiles contain at least two pieces of personal
                                                     information
                                                           - Only one per cent of Facebook users had no data points on their
                                                             public profiles
                                                   - The majority of people do not trust all of their Facebook ‘friends’
                                                          - 18-24 year olds have, on average, more than 250 friends, but 81%
                                                            say they do not trust all their Facebook friends
                                                          - Women and those aged 65 and over are the most trusting of their
                                                            Facebook friends
                                                   - People are prepared to accept friend requests from a total stranger
                                                           - 9% said they would accept an invitation from a stranger if they were
                                                             good looking or popular
                                                   - Six per cent of users allow anyone and everyone to see their entire profile
                                                            - 15% allow everyone to see their date of birth which is a very common
                                                              form of account verification
                                                            - One in four people are logged into their Facebook account most
                                                              or all the time
                                                            - Only 14% said they had antivirus or security settings on their
                                                              smartphones


                                      1.5 Sample attacks
                                      1.6 Conclusion
                                      1.7 Safeguarding your identity
                                      1.8 Further Information
                                      1.9 About CPP




 Social networking users expose passwords online                                                                      November 2011
Introduction
                                      1.1 Foreword
                                      During September 2011 Jason Hart, CEO of CRYPTOCard Europe, was commissioned by
                                      CPP to perform a review of 250 public Facebook profiles. The scope of the assessment
                                      was to highlight any information that could relate to an individual’s password and/or
                                      sensitive information and allow a potential targeted attack against the individual by means
                                      of social engineering.
                                      Passwords reflect the psychology of the people who choose them.
                                      People choose easy patterns on the keyboard, like ‘123456’ or ‘qazwsx’. In addition, people
                                      choose their children’s names, birth dates and favourite sports teams.
                                      By understanding a person and looking at their Facebook account, it is very easy to use
                                      their social network profile to potentially guess their password. However, the password
                                      may have a small twist. Knowing that ‘ronnie’ is a popular password for football fans, there
                                      may be different variants like ‘r0nnie’ or ‘ronnie1234’.
                                      During a period of four days, 250 public Facebook profiles were reviewed in order to see if
                                      any of the following information was present within the Facebook profile:
                                                   - Interests
                                                   - Hobby
                                                   - Favourite football team
                                                   - Favourite football player
                                                   - Children’s names
                                                   - First school
                                                   - Pet’s name
                                                   - Dates of birth
                                                   - The user’s name
                                                   - Maiden name
                                      The risk of having the above information publicly present within Facebook leaves the user
                                      at risk of being targeted by way of an attacker using the information to guess the user’s
                                      Facebook password or any other passwords that the user has in place for personal or
                                      business use.
                                      The two largest forms of risk are based around:
                                                   - Password attacking by way of guessing (or ‘brute force’ attack), based on
                                                     information uncovered within the public Facebook profile
                                                   - Targeted social engineering attacks
                                      Social engineering is similar to hacking in that it is used to gain unauthorised access to
                                      systems or information to commit fraud, network intrusion and industrial espionage,
                                      identity theft or a simple disruption. However, social engineering is generally much easier
                                      than technical intrusion (hacking), as it does not require the technical know-how or
                                      background to be completed successfully. Rather, it simply involves using personal
                                      information. It is extremely difficult to prepare statistical evidence on the impact of such
                                      attacks on individuals because in most cases it will not be known when a social engineer
                                      has stolen information as the majority of attacks go unnoticed and unreported.
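
A defensive use of the foreword's observation, as an added example that is not part of the original white paper: a password-change check that rejects candidates built from the profile fields the review looked for, including look-alike twists such as ‘r0nnie’ and appended digits such as ‘ronnie1234’. The sample profile, its field names and the substitution table are constructed for illustration.

```python
import re
from datetime import date

# Look-alike substitutions used as a "small twist" (r0nnie -> ronnie).
# This table is an assumption for the example, not an exhaustive list.
DELEET = str.maketrans("013457@$!", "oieastasi")

# The two keyboard patterns named in the white paper.
KEYBOARD_PATTERNS = ("123456", "qazwsx")

# Shorter words are ignored to limit false positives.
MIN_TOKEN_LEN = 3


def word_tokens(value):
    """Lower-case words from one profile field, plus the field with separators removed."""
    words = re.findall(r"[a-z]+", value.lower())
    tokens = {w for w in words if len(w) >= MIN_TOKEN_LEN}
    joined = "".join(words)
    if len(joined) >= MIN_TOKEN_LEN:
        tokens.add(joined)
    return tokens


def date_tokens(d):
    """Digit strings people commonly derive from a date of birth."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, dd + mm, mm + dd, dd + mm + yy, mm + dd + yy,
            dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd}


def profile_tokens(profile):
    """Map each derived token to the profile field(s) it came from."""
    out = {}
    for field, value in profile.items():
        values = value if isinstance(value, (list, tuple)) else [value]
        for v in values:
            toks = date_tokens(v) if isinstance(v, date) else word_tokens(str(v))
            for t in toks:
                out.setdefault(t, set()).add(field)
    return out


def password_findings(password, profile):
    """Return the sorted profile fields (or 'keyboard_pattern') a password is built from."""
    raw = password.lower()
    deleet = raw.translate(DELEET)  # undo look-alike substitutions
    findings = set()
    if any(p in raw for p in KEYBOARD_PATTERNS):
        findings.add("keyboard_pattern")
    for token, fields in profile_tokens(profile).items():
        if token.isdigit():
            # Date fragments are matched against the untouched digits.
            hit = token in raw
        else:
            hit = token in raw or token in deleet
        if hit:
            findings.update(fields)
    return sorted(findings)


# Constructed sample profile using the data points the review searched for.
SAMPLE_PROFILE = {
    "name": "Alex Morgan",
    "maiden_name": "Whitfield",
    "children_names": ["Ellie", "Sam"],
    "pet_name": "Biscuit",
    "football_team": "Northfield Rovers",
    "favourite_player": "Ronnie",
    "first_school": "St Mary's Primary",
    "hobby": "kayaking",
    "date_of_birth": date(1984, 7, 15),
}

if __name__ == "__main__":
    for candidate in ("r0nnie", "ronnie1234", "B1scu1t!", "Summer150784",
                      "qazwsx99", "correct-horse-battery-staple"):
        hits = password_findings(candidate, SAMPLE_PROFILE)
        print(f"{candidate!r}: {'REJECT ' + ', '.join(hits) if hits else 'ok'}")
```

An empty result means only that the password is not derived from the listed fields; it says nothing about its strength otherwise.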




                                      1.2 Background News
                                                   - Personal details of 10,000 people were stolen from their Facebook accounts
                                                     and leaked online according to a hacking group, which claimed responsibility
                                                     for the attack. The group, called Team Swastika, briefly posted the file which it
                                                     said contained the user names and passwords of Facebook users. [1]
                                                   - Recently, a new software tool emerged which automates social engineering on
                                                     Facebook. Unlike hacking software, this tool doesn’t demonstrate any new
                                                     theoretical security vulnerability. However, the automation of the social
                                                     engineering process may have significant practical security implications as it
                                                     can be launched by every script kiddie. [2]
                                                   - The number of people falling victim to identity fraud is rising, with employees
                                                     and members of the public not doing enough to protect themselves, experts
                                                     have warned. A total of 80,000 cases were reported across the UK last year,
                                                     with victims losing £1,190 on average. [3]
                                                   - Phone hacking fears dominate consumers’ security concerns about new
                                                     ‘mobile wallet’ payment systems and are likely to hamper UK adoption of new
                                                     ‘swipe and pay’ smartphone systems. [4]
                                                   - Mobile malware increased 273% in the first half of this year, with cross-platform
                                                     Trojans dominating the landscape. [5]
                                                   - 40% of mobiles lost or stolen in the last two years were not password
                                                     protected. [6]
                                                   - According to internet service provider Talk Talk, more than eight million homes
                                                     in the UK were targeted by cyber criminals in the first quarter of 2011, with
                                                     problems ranging from bombardments by unwanted pop-up adverts to
                                                     full-scale attacks. The Office for National Statistics said that 77% of homes have
                                                     internet access, but more than a fifth of users do not believe they possess the
                                                     skills needed to protect their personal data. [7]




                                      [1] The Independent, ‘Hackers claim Facebook attack’, 19 October 2011
                                      [2] Contingency Today, ‘automated Facebook identity threat’, 20 September 2011
                                      [3] The Scotsman, ‘Victims of ID fraud losing £1,190- and it’s on the rise’, 20 October 2011
                                      [4] PRNewswire, ‘Intersperience research reveals mobile payment security concerns’, 14 October 2011-10-21
                                      [5] SC Magazine UK, ‘Mobile malware rockets this year’, 12 September 2011
                                      [6] Walletpop, ‘Would you lose everything if you lost your mobile phone?’, 13 September 2011
                                      [7] Managed Hosting News, ‘Cyber criminals targeted 8.5m UK homes in Q1’, 21 September 2011




                                     1.3 Research Methodology
                                     ICM interviewed a random sample of 2,030 adults aged 18+ online between 9-11
                                     September 2011. Surveys were conducted across the country and the results have been
                                     weighted to the profile of all adults. ICM is a member of the British Polling Council and
                                     abides by its rules. Further information at www.icmresearch.co.uk
                                     During September 2011, Jason Hart was commissioned by CPP to perform a review of
                                     250 public Facebook profiles, to identify any information that could relate to an individual’s
                                     password and/or sensitive information that could allow a potential targeted attack against
                                     the individual. At no point during the research was any user’s data or online webmail
                                     accounts compromised.


                                     1.4 Key Findings
                                     One third (32%) of Facebook profiles contain at least two pieces of
                                     personal information
                                     The audit of Facebook profiles showed that one third of Facebook profiles contain at least
                                     two pieces of personal information such as their mother’s maiden name, date of birth,
                                     hobbies or children’s names.
                                     27% of the profiles contained three pieces of personal information and five per cent had
                                     more than six pieces of personal information. Only 1% of Facebook users had no data
                                     points on their public profiles.
                                     Because this information is often used as a password or as an answer to a security
                                     question when users look to reset their online account log-in details, we can conclude that
                                     people are freely adding and publicly showing sensitive information on their Facebook
                                     profiles that can be used against them to either guess or socially engineer their passwords.

                                      How much data was given by each profile? (pie chart)

                                      Data given      Share of profiles
                                      1 piece         12%
                                      2 pieces        32%
                                      3 pieces        27%
                                      4 pieces        16%
                                      5 pieces        7%
                                      > 6 pieces      5%
                                      No data         1%

                                      Source: Jason Hart based on 250 random Public Facebook profiles, September 2011




                                      [Figure: bar chart, ‘People revealing data on public Facebook profiles’. Vertical axis:
                                      individual pieces of data (0 to 80). Categories: First School, Interests, Employer, Hobbies,
                                      Favourite player, Dates of interest, Children’s names, Football team, Email, Maiden name,
                                      Pet’s name. Source: Jason Hart based on 250 random Public Facebook profiles, September 2011]



                                       The majority of people do not trust all of their Facebook ‘friends’
                                       Only 36% of Facebook users profiled trust all of their friends. As the most active social
                                       media users, those aged 18 to 24 are the most likely to publicise their personal information
                                       – and often to complete strangers.
                                       This age group has on average more than 250 friends but 81% say they do not trust all of
                                       their Facebook friends.
                                       Unsurprisingly the number of Facebook friends decreases with age: 18 to 24 year olds (261
                                       friends), 25 to 34 year olds (196 friends), 35 to 44 year olds (120 friends), 45 to 54 year
                                       olds (93 friends), 55 to 64 year olds (65 friends), 65 and over (47 friends).
                                       Women and those aged 65 and over are most trusting of their Facebook friends.
                                       When we asked over 2,000 people if they had ever been a victim of identity fraud that
                                       originated from someone accessing details from any of their social media accounts
                                       (Facebook, Twitter and LinkedIn) 6% said they had, with 10% of 25-34 year olds claiming
                                       to have been a victim of identity fraud via their details having been taken from their
                                       profiles. Given identity fraud is a growing crime, this statistic is high and points to an area
                                       of vulnerability.




                                       The data below shows the percentage of people who trust all their Facebook friends
                                       (all respondents with an account with Facebook)

                                       Group      Trust all friends
                                       Male       33%
                                       Female     38%
                                       18-24      19%
                                       25-34      23%
                                       35-44      39%
                                       45-54      44%
                                       55-64      46%
                                       65+        57%

                                       Q: To your knowledge have you ever been a victim of identity fraud that originated
                                          from someone accessing details from any of your social media accounts
                                          (Facebook, Twitter and LinkedIn)
                                       (all respondents with an account with Facebook)

                                       Group      Yes     No
                                       Male       6%      89%
                                       Female     7%      89%
                                       18-24      7%      89%
                                       25-34      10%     85%
                                       35-44      8%      88%
                                       45-54      4%      91%
                                       55-64      3%      91%
                                       65+        3%      93%




                                     People are prepared to accept friend requests from a total stranger
                                     One third (33%) of people admit to accepting an invitation from people they have
                                     never met before with those aged 18-24 most likely to accept a friend request
                                     from a total stranger (50%).
                                     Men were more likely (37%) to accept friend requests from total strangers than
                                     women (29%) although both are surprisingly high.
                                     When we asked ‘why’, a small, but significant minority (9%), said they would
                                     accept an invitation from a stranger, if they were good looking or popular. Some
                                     Facebook users would also accept invitations simply so they can boost the
                                     number of friends they have on their profiles.
                                     15% of Facebook users have not seen or spoken to many of their friends in over
                                     ten years.


                                      Q: Have you ever accepted a friend request on Facebook from a stranger
                                         i.e. someone you don’t know and have never met in real life?
                                      (all respondents with an account with Facebook)

                                      Group      Yes     No
                                      Male       37%     63%
                                      Female     29%     70%
                                      18-24      50%     49%
                                      25-34      38%     61%
                                      35-44      32%     67%
                                      45-54      27%     73%
                                      55-64      24%     76%
                                      65+        16%     84%



                                     Six per cent of users allow anyone and everyone to see their entire profile
                                     Over half (52%) of the social networkers questioned had received friendship requests from
                                     strangers. And despite media publicity around Facebook privacy and security, as well as
                                     identity fraud which shows no sign of abating, 6% allow anyone and everyone to see their
                                     entire profile.
                                     15% of people allow everyone to access their date of birth which is a very common
                                     security question both for online accounts and for contact centre account verification.




                                       More concerning, however, is that ‘friend’ status means a lot more information is
                                       accessible. And with many users accepting friend requests from people they do not know
                                       and two-thirds of people not trusting all their Facebook friends, many users are potentially
                                       putting their identities at risk.
                                       This is surprising given the fact that 49% of people are aware that it is possible to use
                                       personal information accessible on Facebook or other social networking sites in order to
                                       commit identity fraud. Indeed 55% of 18-24 year olds understand this, yet they are the
                                       most likely to have the most friends and least likely to trust them all.
                                       Separately, one in four people are logged onto the site all or most of the time. Given an
                                       increasing number of people access Facebook from their smartphones, we have a
                                       developing situation where they are leaving themselves open to impersonation should
                                       their handsets be lost or stolen.
                                       When questioned further on their handset security, only 14% said they had antivirus or
                                       security settings on their smartphones.


   on social                            Q: Who can access the following on your Facebook profile?


 networking
                                        80
                                        80
                                                           72%
                                        70
                                        70                                                                                                        68%



 sites can be                           60
                                        60
                                                                                        62%
                                                                                                                     60%

                                                                                                                                                                              54%



    used to                             50

                                        40
                                        40

    commit                              30
                                        30                                                                                                                                          27%




identity fraud                          20
                                        20

                                        10
                                              12%

                                                    7%           8%
                                                                            11%
                                                                                  17%
                                                                                              20%


                                                                                                          11%
                                                                                                                7%
                                                                                                                           13%
                                                                                                                                      11%
                                                                                                                                             8%
                                                                                                                                                        13%        13%

                                        10                                                                                                                               6%

                                         0
                                         0
                                              Your status, photos           Bio and favourite                Family and               Photos and videos              Religious and
                                                  and posts                    quotations                   relationships              you’re tagged in              political views
                                        80
                                        80
                                                                                                    71%
                                        70
                                        70                    67%

                                                                                                                                                                          60%
                                        60
                                        60
                                                                                                                                       54%

                                        50
                                        50


                                        40
                                        40
                                                                                                                                              31%
                                        30
                                        30                                                                                                                                          25%


                                         20
                                        20
                                              15%
                                                                      12%          12%
                                         10
                                        10            7%                                      8%           9%              9%
                                                                                                                                 6%
                                                                                                                                                              8%
                                                                                                                                                                    5%

                                         0
                                         0
                                                         Birthday                  Permission to comment                   Places you check into               Contact information
                                                                                       on your posts

                                                    Everyone                       Friends of friends                           Friends                       No one




                                     Examples of how personal details visible on Facebook can be used by hackers:

                                      Information type    Potential Impact                     Risk Factor
                                      First School        First school is often used as a      High - if used as the answer to
                                                          security question on web-based       web-based security questions
                                                          applications and social networks
                                      Employer            An attacker can use this             Medium to high - risk to the
                                                          information to conduct a social      user and employer
                                                          engineering attack to target the
                                                          user’s employer
                                      Dates of Interest   People that publicly display their   High – as DOB is used by most
                                                          date of birth are open to            banks as one form of
                                                          different forms of identity fraud    identification
                                      Email Address       This makes the user a potential      Medium to high – depending on
                                                          target for password reset attacks    whether the user is using a
                                                          and is a potential way to start      web-based email address
                                                          spear phishing attacks
                                      Maiden Name         People that publicly display their   High – maiden name is used by
                                                          maiden name also leave family        most banks as one form of
                                                          members open to different            identification
                                                          forms of identity threat




                                       1.5 Sample Attacks
                                       The review concludes that people are freely adding sensitive information to their Facebook
                                       profiles without understanding the possible implications of the data being publicly
                                       available. There are several methods to attempt to determine a user’s password, based on
                                       information posted on the user’s social network profile.
                                                    - Looking for answers to password reset questions. Users of social
                                                      networks sometimes inadvertently reveal information that could be used to
                                                      reset passwords either on the social network itself or on popular webmail
                                                      services such as Google, Hotmail and Yahoo! Mail. For example, on a user’s
                                                      Facebook profile you are likely to find information like mother’s maiden name,
                                                      place of birth, the colour of their first car and so on. These details are similar,
                                                      if not identical, to the questions asked by many password reset functions of
                                                      popular webmail or even online banking services. If an attacker can gain access
                                                      to the user’s webmail account using this method, all it takes is using the
                                                      password reset functionality on the social network to send a new password
                                                      (or reset link) to the e-mail account, which is now under the attacker’s control.
                                                    - Guessing the password. It may seem trivial, but the public information
                                                      found on a user’s Facebook profile can be enough to guess the password,
                                                      for example their favourite foods and drinks, family names, as well as
                                                      hobbies and sports teams.
                                                    - Creating a word list. There are a number of tools available on the web
                                                      that can collect keywords from a web page (Facebook profile) and put
                                                      them into a wordlist. Once created, the wordlist can be used to conduct a
                                                      ‘brute force’ password attack. The success of the attack depends largely
                                                      on how well the web application being targeted employs brute force
                                                      prevention mechanisms.
                                       To show an example of an attack, we took one of the profiles uncovered during the
                                       audit and checked whether it would be possible for an attacker to undertake a
                                       password reset attack on this user’s webmail account.
                                       The attack is based on a five step process:

                                                    - Uncovering webmail address on Facebook
                                                    - Accessing the password reset webpage for the target webmail account
                                                    - Forcing the webmail service to reveal the secret question
                                                    - Reviewing the Facebook profile to find the answer to the secret question
                                                    - Resetting the Webmail password
                                       To see the process in action, please refer to the screenshots below. At no point
                                       during the Facebook audit or the writing of this report were any user’s data or
                                       webmail accounts compromised.

People are freely adding sensitive information to their Facebook profiles without understanding the serious implications of doing so




                                     Step 1
                                     A review of the Facebook audit showed that 9% of the profiles were publicly showing the
                                     user’s webmail email address:




                                     Step 2
                                     Once an attacker has the e-mail address they are able to go to the webmail service based
                                     on the email address and click on the ‘Forgot your password?’ button. In this case we are
                                     using Hotmail as the example, but all webmail systems work in the same way:




                                     Step 3
                                     The attacker is then asked to enter the email address of the account they are looking to reset:




                                     Step 4
                                     A review of the Facebook profile reveals the name of the user’s favourite football team.




                                     Step 5
                                     The attacker is able to reset the password and gain full control of and access to the
                                     user’s e-mail account.




                                     1.6 Conclusion
                                     The review has recognised that people are putting themselves at great risk by not
                                     knowing the potential threats of having their passwords guessed or hacked. Social
                                     networks are designed to allow sharing of personal information with others.
                                     Without this sharing, social networks would cease to exist. However, protecting
                                     and controlling access to personal information does not seem to be a consideration
                                     for many users.
                                     The more information people share with the world, the more valuable and
                                     vulnerable they are to hackers. People need to understand that their privacy and
                                     risk of being a target are mostly dependent on what they are posting on Facebook
                                     and other social networking sites, as well as how privacy settings are configured
                                     for each social network site they are a member of.




                                      1.7 Safeguarding your identity
                                      Danny Harrison is Head of Data and Identity Protection at CPP and offers the following
                                      advice to consumers to help protect them from data loss. Danny has over ten years’
                                      experience and is responsible for CPP’s mobile phone assistance and insurance products
                                      that insure against lost, stolen and damaged handsets, and also assists people in the event
                                      of lost data.

                                      Danny is media trained across print and broadcast and is available for media interviews on
                                      the issue of data security and identity fraud.

                                      Users have to start considering ways of mitigating risks by ensuring that they use some
                                      basic guidelines around password creation and management. With social networks,
                                      personal responsibility for information and data is key. The following recommendations will
                                      help prevent password guessing and ‘brute force’ attacks against users.

                                      Having a unique password for every website: Suppose your Facebook account or
                                      webmail gets hacked and you have the same password for every website. This means that
                                      you have effectively compromised all the accounts that use that same password. Always
                                      create a unique password for each website you use.

                                      Personal Information: Ensure that you are not posting any personal information on
                                      Facebook that can be used against you, for example date of birth, mother’s maiden name,
                                      email address etc.

                                      Enforce two-factor authentication: A number of web based applications and social
                                      networking sites now provide users with the ability to remove the need for static passwords
                                      and allow them to enable two-factor authentication, thus totally removing the risks of the
                                      user’s password being compromised.

                                      Privacy settings on your social network profiles: Review the privacy settings on your
                                      social networks to ensure they meet your expectations. Social networks generally have
                                      default settings that allow everyone to view your information.

Review your privacy settings - social networks generally have default settings that allow everyone to view your information
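A service-side check that follows from the password guessing described in section 1.5 and the recommendations above, as an added example that is not part of the CPP paper: it flags a password or secret-question answer that can be rebuilt from the user's own profile fields, so the service can refuse it when it is set. The field names, the sample profile and the function names are assumptions made up for illustration.

```python
import re
import unicodedata
from datetime import date

# Undo common character substitutions so "R1vert0n" is compared as "riverton".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_TOKEN_LEN = 4  # shorter fragments match too many unrelated secrets
DATE_FORMATS = ("%d%m%Y", "%d%m%y", "%m%d%Y", "%Y%m%d", "%Y")


def normalise(text):
    """Lower-case, strip accents and keep only letters and digits."""
    text = unicodedata.normalize("NFKD", text.lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    return re.sub(r"[^a-z0-9]", "", text)


def profile_tokens(profile):
    """Return (token, field) pairs derived from every profile field."""
    pairs = []
    for field, value in profile.items():
        if isinstance(value, date):
            # Dates are written many ways; cover the usual digit-only forms.
            candidates = [value.strftime(fmt) for fmt in DATE_FORMATS]
        else:
            text = str(value)
            # Each word on its own, plus the whole value run together.
            candidates = [normalise(w) for w in re.split(r"[^\w]+", text)]
            candidates.append(normalise(text))
        for token in candidates:
            if len(token) >= MIN_TOKEN_LEN:
                pairs.append((token, field))
    return pairs


def derived_from_profile(secret, profile):
    """Return the sorted profile fields whose content appears inside `secret`."""
    plain = normalise(secret)
    deleet = normalise(secret.lower().translate(LEET))
    hits = {field for token, field in profile_tokens(profile)
            if token in plain or token in deleet}
    return sorted(hits)


def review_credentials(profile, password, security_answers):
    """Return {item: [profile fields]} for each secret that leaks from the profile."""
    findings = {}
    fields = derived_from_profile(password, profile)
    if fields:
        findings["password"] = fields
    for question, answer in security_answers.items():
        fields = derived_from_profile(answer, profile)
        if fields:
            findings[question] = fields
    return findings


# Constructed sample data: no real person, school or team.
SAMPLE_PROFILE = {
    "name": "Jane Example",
    "date_of_birth": date(1985, 3, 12),
    "first_school": "Ashby Primary School",
    "maiden_name": "Carter",
    "favourite_team": "Riverton Rovers",
}

if __name__ == "__main__":
    report = review_credentials(
        SAMPLE_PROFILE,
        password="R1vert0n!85",
        security_answers={"First school?": "Ashby Primary",
                          "Memorable word": "7f3a-quilt-lantern"},
    )
    for item, fields in report.items():
        print(f"{item}: derivable from public profile field(s) {', '.join(fields)}")
```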
                                      For further information please contact:
                                      Nick Jones
                                      Head of Public Relations
                                      CPPGroup Plc
                                      Holgate Park
                                      York
                                      YO26 4GA
                                      www.cppgroup.plc
                                      Tel: 01904 544 387
                                      E-Mail: nick.jones@cpp.co.uk




                                         1.8 About CPP

                                         Corporate Background Information

                                         The CPPGroup Plc (CPP) is an international marketing services business offering bespoke
                                         customer management solutions to multi-sector business partners designed to enhance
                                         their customer revenue, engagement and loyalty, whilst at the same time reducing cost to
                                         deliver improved profitability.
                                         This is underpinned by the delivery of a portfolio of complementary Life Assistance
                                         products, designed to help our mutual customers cope with the anxieties associated with
                                         the challenges and opportunities of everyday life.

                                         Whether our customers have lost their wallets, been a victim of identity fraud or looking
                                         for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to
                                         enjoy life. Globally, our Life Assistance products and services are designed to simplify the
                                         complexities of everyday living whether these affect personal finances, home, travel,
                                         personal data or future plans. When it really matters, Life Assistance enables people to live
                                         life and worry less.

                                         Established in 1980, CPP has 11 million customers and more than 200 business partners
                                         across Europe, North America and Asia and employs 2,300 employees who handle
                                         millions of sales and service conversations each year.

                                         In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the
                                         previous year.

                                         In March 2010, CPP debuted on the London Stock Exchange (LSE).

                                         What We Do:

                                         CPP provides a range of assistance products and services that allow our business partners
                                         to forge closer relationships with their customers.
                                         We have a solution for many eventualities, including:

                                                      - Insuring our customers’ mobile phones against loss, theft and damage
                                                      - Protecting the payment cards in our customers’ wallets and purses, should
                                                        these be lost or stolen
                                                      - Providing assistance and protection if a customer’s keys are lost or stolen
                                                      - Providing advice, insurance and assistance to protect customers against the
                                                        insidious crime of identity fraud
                                                      - Assisting customers with their travel needs be it an emergency (for example
                                                        lost passport), or basic translation service
                                                      - Monitoring the credit status of our customers
                                                      - Provision of packaged services to business partners’ customers

                                         For more information on CPP please visit www.cppgroupplc.com

CPP is an award-winning organisation:
- Top 50 Call Centres for Customer Service, 2009, 2010 and 2011
- Finalist in the Plc Awards, New Company of the Year, 2011
- Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
- Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
- Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
- Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
- Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
- Named in the Sunday Times 2008 Pricewaterhouse Coopers Profit Track 100
- Finalists in the National Business Awards, 3i Growth Strategy category, 2008
- Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
- Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
- Regional winner of the National Training Awards, 2007
- Winner of the BITC Health, Work and Well-Being Award, 2007
- Highly Commended in the UK National Customer Service Awards, 2006
- Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
- Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007




Corporate id fraud 2010
 
Uk regional card fraud 2010
Uk regional card fraud 2010Uk regional card fraud 2010
Uk regional card fraud 2010
 
Lost stolen cards 2009
Lost  stolen cards 2009Lost  stolen cards 2009
Lost stolen cards 2009
 
Uk regional card fraud 2009
Uk regional card fraud 2009Uk regional card fraud 2009
Uk regional card fraud 2009
 

Kürzlich hochgeladen

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Kürzlich hochgeladen (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Facebook white paper2011

  • 1. Social networking users expose passwords online A CPP white paper November 2011
  • 2. Contents
    1.1 Foreword
    1.2 Background News
    1.3 Research methodology
    1.4 Key Findings
        - One third (32%) of Facebook profiles contain at least two pieces of personal information
            - Only one per cent of Facebook users had no data points on their public profiles
        - The majority of people do not trust all of their Facebook ‘friends’
            - 18-24 year olds have, on average, more than 250 friends, but 81% say they do not trust all their Facebook friends
            - Women and those aged 65 and over are the most trusting of their Facebook friends
        - People are prepared to accept friend requests from a total stranger
            - 9% said they would accept an invitation from a stranger if they were good looking or popular
        - Six per cent of users allow anyone and everyone to see their entire profile
            - 15% allow everyone to see their date of birth which is a very common form of account verification
        - One in four people are logged into their Facebook account most or all the time
            - Only 14% said they had antivirus or security settings on their smartphones
    1.5 Sample attacks
    1.6 Conclusion
    1.7 Safeguarding your identity
    1.8 Further Information
    1.9 About CPP
  • 3. Introduction

    1.1 Foreword

    During September 2011 Jason Hart, CEO of CRYPTOCard Europe, was commissioned by CPP to perform a review of 250 public Facebook profiles. The scope of the assessment was to highlight any information that could relate to an individual’s password and/or sensitive information and allow a potential targeted attack against the individual by means of social engineering.

    Password choice follows predictable psychology. People choose easy patterns on the keyboard, like ‘123456’ or ‘qazwsx’. In addition, people choose their children’s names, birth dates and favourite sports teams. By understanding a person and looking at their Facebook account, it is very easy to use their social network profile to potentially guess their password. However, the password may have a small twist. Knowing that ‘ronnie’ is a popular password for football fans, there may be different variants like ‘r0nnie’ or ‘ronnie1234’.

    During a period of four days, 250 public Facebook profiles were reviewed in order to see if any of the following information was present within the Facebook profile:
    - Interests
    - First school
    - Hobby
    - Pet’s name
    - Favourite football team
    - Dates of birth
    - Favourite football player
    - The user’s name
    - Children’s names
    - Maiden name

    Having the above information publicly present within Facebook leaves the user at risk of being targeted by an attacker who uses the information to guess the user’s Facebook password or any other passwords that the user has in place for personal or business use.

    The two largest forms of risk are based around:
    - Password attacking by way of guessing (or ‘brute force’ attack), based on information uncovered within the public Facebook profile
    - Targeted social engineering attacks

    Social engineering is similar to hacking in that it is used to gain unauthorised access to systems or information to commit fraud, network intrusion, industrial espionage, identity theft or simple disruption. However, social engineering is generally much easier than technical intrusion (hacking), as it does not require the technical know-how or background to be completed successfully. Rather, it simply involves using personal information.

    It is extremely difficult to prepare statistical evidence on the impact of such attacks on individuals because in most cases it will not be known when a social engineer has stolen information, as the majority of attacks go unnoticed and unreported.
  • 4. 1.2 Background News

    - Personal details of 10,000 people were stolen from their Facebook accounts and leaked online according to a hacking group, which claimed responsibility for the attack. The group, called Team Swastika, briefly posted the file which it said contained the user names and passwords of Facebook users. [1]
    - Recently, a new software tool emerged which automates social engineering on Facebook. Unlike hacking software, this tool doesn’t demonstrate any new theoretical security vulnerability. However, the automation of the social engineering process may have significant practical security implications as it can be launched by every script kiddie. [2]
    - The number of people falling victim to identity fraud is rising, with employees and members of the public not doing enough to protect themselves, experts have warned. A total of 80,000 cases were reported across the UK last year, with victims losing £1,190 on average. [3]
    - Phone hacking fears dominate consumers’ security concerns about new ‘mobile wallet’ payment systems and are likely to hamper UK adoption of new ‘swipe and pay’ smartphone systems. [4]
    - Mobile malware increased 273% in the first half of this year, with cross-platform Trojans dominating the landscape. [5]
    - 40% of mobiles lost or stolen in the last two years were not password protected. [6]
    - According to internet service provider, Talk Talk, more than eight million homes in the UK were targeted by cyber criminals in the first quarter of 2011, with problems ranging from bombardments by unwanted pop-ups adverts to full-scale attacks. The Office for National Statistics said that 77% of homes have internet access, but more than a fifth of users do not believe they possess the skills needed to protect their personal data. [7]

    Pull quote: The personal details of 10,000 people were stolen from their Facebook accounts and leaked online

    [1] The Independent, ‘Hackers claim Facebook attack’, 19 October 2011
    [2] Contingency Today, ‘automated Facebook identity threat’, 20 September 2011
    [3] The Scotsman, ‘Victims of ID fraud losing £1,190- and it’s on the rise’, 20 October 2011
    [4] PRNewswire, ‘Intersperience research reveals mobile payment security concerns’, 14 October 2011-10-21
    [5] SC Magazine UK, ‘Mobile malware rockets this year’, 12 September 2011
    [6] Walletpop, ‘Would you lose everything if you lost your mobile phone?’, 13 September 2011
    [7] Managed Hosting News, ‘Cyber criminals targeted 8.5m UK homes in Q1’, 21 September 2011
  • 5. 1.3 Research Methodology

    ICM interviewed a random sample of 2,030 adults aged 18+ online between 9-11 September 2011. Surveys were conducted across the country and the results have been weighted to the profile of all adults. ICM is a member of the British Polling Council and abides by its rules. Further information at www.icmresearch.co.uk

    During September 2011, Jason Hart was commissioned by CPP to perform a review of 250 public Facebook profiles, to identify any information that could relate to an individual’s password and/or sensitive information that could allow a potential targeted attack against the individual. At no point during the research was any user’s data or online webmail accounts compromised.

    1.4 Key Findings

    One third (32%) of Facebook profiles contain at least two pieces of personal information

    The audit of Facebook profiles showed that one third of Facebook profiles contain at least two pieces of personal information such as their mother’s maiden name, date of birth, hobbies or children’s names. 27% of the profiles contained three pieces of personal information and five per cent had more than six pieces of personal information. Only 1% of Facebook users had no data points on their public profiles.

    Because this information is often used as a password or as an answer to a security question when users look to reset their online account log-in details, we can conclude that people are freely adding and publicly showing sensitive information on their Facebook profiles that can be used against them to either guess or socially engineer their passwords.

    [Figure: pie chart, ‘How much data was given by each profile?’ Categories: 1 piece, 2 pieces, 3 pieces, 4 pieces, 5 pieces, > 6 pieces, No data. Source: Jason Hart, based on 250 random public Facebook profiles, September 2011.]
  • 6. [Figure: bar chart, ‘People revealing data on public Facebook profiles’. Y-axis: individual pieces of data. Categories: First school, Children’s names, Interests, Football team, Employer, Email, Hobbies, Maiden name, Favourite player, Pet’s name, Dates of interest. Source: Jason Hart, based on 250 random public Facebook profiles, September 2011.]

    The majority of people do not trust all of their Facebook ‘friends’

    Only 36% of Facebook users profiled trust all of their friends. As the most active social media users, those aged 18 to 24 are the most likely to publicise their personal information, often to complete strangers. This age group has on average more than 250 friends but 81% say they do not trust all of their Facebook friends.

    Unsurprisingly the number of Facebook friends decreases with age: 18 to 24 year olds (261 friends), 25 to 34 year olds (196 friends), 35 to 44 year olds (120 friends), 45 to 54 year olds (93 friends), 55 to 64 year olds (65 friends), 65 and over (47 friends). Women and those aged 65 and over are most trusting of their Facebook friends.

    When we asked over 2,000 people if they had ever been a victim of identity fraud that originated from someone accessing details from any of their social media accounts (Facebook, Twitter and LinkedIn), 6% said they had, with 10% of 25-34 year olds claiming to have been a victim of identity fraud via their details having been taken from their profiles. Given identity fraud is a growing crime, this statistic is high and points to an area of vulnerability.
  • 7. [Figure: bar chart, the percentage of people who trust all their Facebook friends. Categories: All respondents with an account with Facebook, Male, Female, 18-24, 25-34, 35-44, 45-54, 55-64, 65+.]

    Pull quote: Only 36% of Facebook users trust all their friends

    [Figure: bar chart, Yes/No by respondent group. Q: To your knowledge have you ever been a victim of identity fraud that originated from someone accessing details from any of your social media accounts (Facebook, Twitter and LinkedIn)? Categories: All respondents with an account with Facebook, Male, Female, 18-24, 25-34, 35-44, 45-54, 55-64, 65+.]
  • 8. People are prepared to accept friend requests from a total stranger

    One third (33%) of people admit to accepting an invitation from people they have never met before with those aged 18-24 most likely to accept a friend request from a total stranger (50%). Men were more likely (37%) to accept friend requests from total strangers than women (29%) although both are surprisingly high.

    When we asked ‘why’, a small, but significant minority (9%), said they would accept an invitation from a stranger, if they were good looking or popular. Some Facebook users would also accept invitations simply so they can boost the number of friends they have on their profiles. 15% of Facebook users have not seen or spoken to many of their friends in over ten years.

    [Figure: bar chart, Yes/No by respondent group. Q: Have you ever accepted a friend request on Facebook from a stranger i.e. someone you don’t know and have never met in real life? Categories: All respondents with an account with Facebook, Male, Female, 18-24, 25-34, 35-44, 45-54, 55-64, 65+.]

    Six per cent of users allow anyone and everyone to see their entire profile

    Over half (52%) of the social networkers questioned had received friendship requests from strangers. And despite media publicity around Facebook privacy and security, as well as identity fraud which shows no sign of abating, 6% allow anyone and everyone to see their entire profile. 15% of people allow everyone to access their date of birth which is a very common security question both for online accounts and for contact centre account verification.
  • 9. More concerning, however, is that ‘friend’ status means a lot more information is accessible. And with many users accepting friend requests from people they do not know and two-thirds of people not trusting all their Facebook friends, many users are potentially putting their identities at risk.

    This is surprising given the fact that 49% of people are aware that it is possible to use personal information accessible on Facebook or other social networking sites in order to commit identity fraud. Indeed 55% of 18-24 year olds understand this, yet they are the most likely to have the most friends and least likely to trust them all.

    Separately, one in four people are logged onto the site all or most of the time. Given an increasing number of people access Facebook from their smartphones, we have a developing situation where they are leaving themselves open to impersonation should their handsets be lost or stolen.

    When questioned further on their handset security, only 14% said they had antivirus or security settings on their smartphones.

    Pull quote: Half of people are aware personal information on social networking sites can be used to commit identity fraud

    [Figure: bar charts, Q: Who can access the following on your Facebook profile? Panels: Your status, photos and posts; Bio and favourite quotations; Family and relationships; Photos and videos you’re tagged in; Religious and political views; Birthday; Permission to comment on your posts; Places you check into; Contact information. Legend: Everyone, Friends of friends, Friends, No one.]
  • 10. Examples of how personal details visible on Facebook can be used by hackers:

| Information type | Potential Impact | Risk Factor |
|---|---|---|
| First School | First school is often used as a security question on web-based applications and social networks | High - if used as the answer to web-based security questions |
| Employer | An attacker can use this information to conduct a social engineering attack to target the user’s employer | Medium to high - risk to the user and employer |
| Dates of Interest | People that publicly display their date of birth are open to different forms of identity fraud | High – as DOB is used by most banks as one form of identification |
| Email Address | This allows the user to become a potential target to password reset attacks and is a potential way to start spear phishing attacks | Medium to high – based on if the user is using a web based email address |
| Maiden Name | People that publicly display their maiden name also leave family members open to different forms of identity threat | High – maiden name is used by most banks as one form of identification |
  • 11. 1.5 Sample Attacks

    The review concludes that people are freely adding sensitive information to their Facebook profiles without understanding the possible implications of the data being publicly available. There are several methods to attempt to determine a user’s password, based on information posted on the user’s social network profile.

    - Looking for answers to password reset questions. Users of social networks sometimes inadvertently reveal information that could be used to reset passwords either on the social network itself or on popular webmail services such as Google, Hotmail and Yahoo! Mail. For example, on a user’s Facebook profile you are likely to find information like mother’s maiden name, place of birth, the colour of their first car and so on. These questions are similar, if not identical, to many password reset functions of popular webmail or even online banking services. If an attacker can gain access to the user’s webmail account using this method, all it takes is using the password reset functionality on the social network to send a new password (or reset link) to the e-mail account, which is now under the attacker’s control.
    - Guessing the password. It may seem very trivial to think about, but based on the public information you find on a user’s Facebook profile, you can guess the password. For example, try their favourite foods and drinks, family names, as well as hobbies and sports teams.
    - Creating a word list. There are a number of tools that are available on the web that can collect keywords from a web page (Facebook profile) and put them into a wordlist. Once the list has been created, it can be used to conduct a ‘brute force’ password attack. The accuracy of the attack is largely dependent on how well the web application being targeted employs any brute force prevention mechanisms.

    Pull quote: People are freely adding sensitive information to their Facebook profiles without understanding the serious implications of doing so

    In order to show an example of an attack we have taken one of the profiles uncovered during the audit and have seen if it would be possible for an attacker to undertake a password reset attack on this user’s webmail account.

    The attack is based on a five step process:
    - Uncovering webmail address on Facebook
    - Accessing the password reset webpage for the target webmail account
    - Forcing the webmail service to reveal the secret question
    - Reviewing the Facebook profile to find the answer to the secret question
    - Resetting the Webmail password

    In order to show the process in action, please refer to the screen shots below. At no point during the Facebook audit or writing this report was any user’s data or webmail accounts compromised.
  • 12. Step 1
    A review of the Facebook audit showed that 9% of the profiles were publicly showing the user’s webmail email address:

    Step 2
    Once an attacker has the e-mail address they are able to go to the webmail service based on the email address and click on the ‘Forgot your password?’ button. In this case we are using Hotmail as the example, but all webmail systems work in the same way:

    Step 3
    The attacker is then requested to enter the email address of the account they are looking to reset:
  • 13. Step 4
    Reviewing the Facebook profile reveals the name of the favourite football team.

    Step 5
    The attacker is able to reset the password and gain full control and access to the user’s e-mail account.

    1.6 Conclusion

    The review has recognised that people are putting themselves at great risk by not knowing the potential threats of having their passwords guessed or hacked.

    Social networks are designed to allow sharing of personal information with others. Without this sharing, social networks would cease to exist. However, protecting and controlling access to personal information does not seem to be a consideration for many users. The more information people share with the world, the more valuable and vulnerable they are to hackers.

    People need to understand that their privacy and risk of being a target is mostly dependent on what they are posting on Facebook and other social networking sites, as well as how privacy settings are configured for each social network site they are a member of.
  • 14. 1.7 Safeguarding your identity
    Danny Harrison is Head of Data and Identity Protection at CPP and offers the following advice to consumers to help protect them from data loss.

    Danny has over ten years' experience and is responsible for CPP's mobile phone assistance and insurance products that insure against lost, stolen and damaged handsets, and also assists people in the event of lost data. Danny is media trained across print and broadcast and is available for media interviews on the issue of data security and identity fraud.

    Users have to start considering ways of mitigating risks by ensuring that they use some basic guidelines around password creation and management. With social networks, personal responsibility for information and data is key. The following recommendations will help prevent password guessing and 'brute force' attacks against users.

    - Having a unique password for every website: Suppose your Facebook account or webmail gets hacked and you have the same password for every website. This means that you have effectively compromised all the accounts that use that same password. Always create a unique password for each website you use.
    - Personal information: Ensure that you are not posting any personal information on Facebook that can be used against you, for example date of birth, mother's maiden name, email address etc.
    - Enforce two-factor authentication: A number of web-based applications and social networking sites now provide users with the ability to remove the need for static passwords and allow them to enable two-factor authentication, thus totally removing the risks of the user's password being compromised.
    - Privacy settings on your social network profiles: Review the privacy settings on your social networks to ensure they meet your expectations. Social networks generally have default settings that allow everyone to view your information.

    For further information please contact:
    Nick Jones
    Head of Public Relations
    CPPGroup Plc
    Holgate Park
    York YO26 4GA
    www.cppgroup.plc
    Tel: 01904 544 387
    E-Mail: nick.jones@cpp.co.uk
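The reset in Steps 4 and 5 works because the recovery answer can be read off the public profile. The following check is an added example, not part of the CPP white paper: it lets a sign-up or "change recovery answer" form reject a password or answer built from the user's own public data points. The function names, the leetspeak table and the sample profile are all constructed for illustration.

```python
import re
from datetime import date

# Common character substitutions, undone before matching (assumed table).
LEET = str.maketrans("4@3105$7", "aaeiosst")

# Constructed sample of what a stranger can read on a public profile.
PUBLIC_PROFILE = {
    "name": "Alex Example",
    "date_of_birth": date(1985, 3, 14),
    "favourite_team": "Leeds United",
    "email": "alex.example@example.org",
}

def profile_tokens(profile):
    """Collect lowercase tokens an outsider could take from the profile."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            # Usual ways a date of birth gets typed into a password.
            tokens.update({
                value.strftime("%d%m%Y"), value.strftime("%d%m%y"),
                value.strftime("%m%d%Y"), value.strftime("%Y"),
            })
        else:
            for word in re.findall(r"[a-z0-9]+", str(value).lower()):
                if len(word) >= 4:  # skip fragments such as "org"
                    tokens.add(word)
    return tokens

def derived_from_profile(secret, profile):
    """Return the profile tokens found in a password or recovery answer."""
    lowered = secret.lower()
    raw = re.sub(r"[^a-z0-9]", "", lowered)
    unleeted = re.sub(r"[^a-z0-9]", "", lowered.translate(LEET))
    return sorted(t for t in profile_tokens(profile)
                  if t in raw or t in unleeted)

if __name__ == "__main__":
    for candidate in ("Leeds United", "L33ds!140385",
                      "correct-horse-battery-staple"):
        hits = derived_from_profile(candidate, PUBLIC_PROFILE)
        print(f"{candidate!r}: {'REJECT ' + str(hits) if hits else 'ok'}")
```

An empty result only means the secret is not built from the listed profile fields; it says nothing about reuse across sites or overall strength.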
  • 15. 1.8 About CPP
    Corporate Background Information

    The CPPGroup Plc (CPP) is an international marketing services business offering bespoke customer management solutions to multi-sector business partners designed to enhance their customer revenue, engagement and loyalty, whilst at the same time reducing cost to deliver improved profitability.

    This is underpinned by the delivery of a portfolio of complementary Life Assistance products, designed to help our mutual customers cope with the anxieties associated with the challenges and opportunities of everyday life.

    Whether our customers have lost their wallets, been a victim of identity fraud or looking for lifestyle perks, CPP can help remove the hassle from their lives leaving them free to enjoy life. Globally, our Life Assistance products and services are designed to simplify the complexities of everyday living whether these affect personal finances, home, travel, personal data or future plans. When it really matters, Life Assistance enables people to live life and worry less.

    Established in 1980, CPP has 11 million customers and more than 200 business partners across Europe, North America and Asia and employs 2,300 employees who handle millions of sales and service conversations each year.

    In 2010, Group revenue was £325.8 million, an increase of more than 12 per cent over the previous year.

    In March 2010, CPP debuted on the London Stock Exchange (LSE).

    What We Do:
    CPP provides a range of assistance products and services that allow our business partners to forge closer relationships with their customers.

    We have a solution for many eventualities, including:
    - Insuring our customers' mobile phones against loss, theft and damage
    - Protecting the payment cards in our customers' wallets and purses, should these be lost or stolen
    - Providing assistance and protection if a customer's keys are lost or stolen
    - Providing advice, insurance and assistance to protect customers against the insidious crime of identity fraud
    - Assisting customers with their travel needs be it an emergency (for example lost passport), or basic translation service
    - Monitoring the credit status of our customers
    - Provision of packaged services to business partners' customers

    For more information on CPP please visit www.cppgroupplc.com

    CPP is an award-winning organisation:
    - Top 50 Call Centres for Customer Service, 2009, 2010 and 2011
    - Finalist in the Plc Awards, New Company of the Year, 2011
    - Winner in the European Contact Centre Awards, Large Team of the Year category, 2010
    - Finalist in the European Contact Centre Awards, Best Centre for Customer Service, Large Contact Centre of the Year categories, 2010
    - Finalist in the National Sales Awards, Contact Centre Sales Team of the Year category, 2010
    - Finalist in the National Insurance Fraud Awards, Counter Fraud Initiative of the Year category, 2009
    - Finalist in the European Contact Centre Awards, Large Team and Advisor of the Year categories, 2009
    - Named in the Sunday Times 2008 Pricewaterhouse Coopers Profit Track 100
    - Finalists in the National Business Awards, 3i Growth Strategy category, 2008
    - Finalist in the National Business Awards, Business of the Year category, 2007, 2009 and Highly Commended in 2008
    - Named in the Sunday Times 2006, 2007, 2008 and 2009 HSBC Top Track 250 companies
    - Regional winner of the National Training Awards, 2007
    - Winner of the BITC Health, Work and Well-Being Award, 2007
    - Highly Commended in the UK National Customer Service Awards, 2006
    - Winner of the Tamworth Community Involvement Award, 2006. Finalist in 2008
    - Highly Commended in The Press Best Link Between Business and Education, 2005 and 2006. Winner in 2007