Facebook or Phacebook?
Word today from TechCrunch's Duncan Riley that a successful phishing scam targeting Facebook users is on the loose. Unfortunately, this type of thing is only going to increase in prevalence as more and more people aggregate and connect using social networks, Twitter and other new media vehicles. Not to mention that many folks make their profile information public on the networks, meaning a phish doesn't have to get that much data to know more about you than they should.
This also raises the question about the blurring line between social applications for personal and professional use. I Twitter, I Facebook and I Link In, all for both professional and personal reasons. Does this mean that these are all legitimate applications for professional use and should not be monitored by security and IT? Or does it mean that companies should restrict access using web filtering technology and other security/resource management measures to ensure no lines are crossed?
I for one think that the business value outweighs the risk in most instances, especially in a relationship-driven profession like PR, but not all companies will agree with that. They will be concerned that the sheer volume of new social applications, and the integration and mash-up of them, will eventually result in a major privacy or security breach that internal IT cannot manage.
It also raises the question of with whom the responsibility lies. Should Facebook, Twitter and others provide some baseline security measures to fight phishing, or should it be the corporation's responsibility to police their people and a consumer's to protect themselves? Is Facebook a public pond (swim at your own risk)? Where is the legal liability?
Thankfully, I feel as though we are still in the early adopter phase of Twitter, Facebook and other Web 2.0 sites and resources, so many of the users have some level of technical/security savvy. Maybe the near-term return on phishes for identity thieves, deviants and hackers will be so low that they will continue focusing on traditional email phishing and botnets. In any event, this is great fodder for next week's RSA conference, where experts like ScanSafe, 8e6, Breach Security, Qualys, CORE Security, Cloudmark and others will gather to tackle the topic of web applications and security.
Want to meet with me at RSA or find out what I'll be doing there? Check out my status on Facebook or Twitter. But if it says I am asking you for personal or profile information, don't believe it for a second.
Tags: anti-phishing, anti-spam, application security, botnets, breach security, cloudmark, core security, duncan riley, facebook, phishing, qualys, rsa conference, scansafe, techcrunch, twitter, web 2.0
Posted by Jason Morris on March 27, 2008 at 1:14 PM
Comments (2) | TrackBack (0)




Comments
"I for one think that the business value outweighs the risk in most instances---especially in a relationship-driven profession like PR"
----
I couldn't agree more. As a PR flack, I take advantage of every relationship building tool I can. Facebook and LinkedIn have proved quite advantageous for me. I shudder to think what cutting off my access to these things would do to my ability to serve clients.
Posted by: Margie | March 31, 2008 11:05 AM
Thanks, Margie. It may be hard for some to believe that there was PR before email, web sites, mobile phones and Twitter. :)
Posted by: Jason Morris | April 1, 2008 11:42 AM