Fake Facebook Friends Can Compromise Your Account

If you are one of the 500+ million users on Facebook, you have likely received friend requests on your account. If you are unfamiliar with the security settings Facebook has, there is a lot of information on you that is visible to the world. This information can make your account vulnerable to hackers and other unscrupulous people.

A recent demonstration at the Silver Bullet Security Conference by Nelson Novaes Neto, Chief Security Officer at UOLDiveo, showed how easily someone can gain access to your account through illegitimate friend requests.

In Nelson’s experiment, he used LinkedIn, Amazon, and Facebook to gather information on a target. After getting enough information from coworkers and friends, he created a Facebook account using information identical to that of the victim’s manager. After sending 432 friend requests to the friends and friends of the manager, he sent out 432 requests to related LinkedIn accounts. One hour in, he had received 14 acceptances, and after 7 hours, his friend request was accepted by the victim.

With the information gathered, Nelson said it is possible to take over the legitimate accounts using a legitimate Facebook recovery feature.

Facebook’s PR team wasn’t particularly happy about this and encourages users to report suspicious activity.

We will be doing an article later today on how to secure your Facebook account and tips on keeping your account info safe.

Source:
http://arstechnica.com/tech-policy/news/2011/11/researcher-shows-how-to-friend-anyone-on-facebook-within-24-hours.ars

http://www.slideshare.net/nnovaes/can-i-be-your-friend-how-amazon-linkedin-and-the-new-facebook-privacy-issues-can-help-me-become-your-friend-a-behavioral-psychology-and-security-view-of-social-networks?player=js

Shane Paris

Shane is the founder and Technical Editor-in-Chief here at That's It Guys. He enjoys Star Trek, 80s and 90s action movies, and everything tech related. Shane is highly skilled with computer hardware, software, and electronics.