Industry Insight

Privacy and Crime Tripping Up Facebook

Evidence is mounting that Facebook – the most widely-discussed web experience in America – could be tripped up by privacy issues and cyber crime, even while it grows to gigantic proportions.

Facebook now serves pages to 7% of the world’s population (500 million users). Marketing books on social media are selling like iPhones. Some banks even have a presence on Facebook.

Why not? Facebook serves 260 billion pages per month, more than Google or any other web site. Half of all Facebook users log in on any given day and share more than 1 billion web links, news, blog posts, videos, photos, music and more. No wonder prominent media pundit Steve Harmon recently suggested that Facebook might beat Google’s lock on Internet search by launching its own search function.

But that’s only one side of the Facebook story. The other side reveals an ongoing war between Facebook and the more sensitive members of its burgeoning user base.

Changes to privacy settings late last year set off a wave of angry blog posts which have yet to subside. More recently, The Wall Street Journal reported that Facebook was sending user names to advertisers when the users click on ads – a practice that has attracted Federal Trade Commission attention as well as angry user response.

Angry users and energetic regulators aren’t the only people interested in Facebook’s treasure trove of personal information. Cyber criminals are right behind them, piecing together details to refine their general phishing activities into ‘spear phishing’ attacks – one of the fastest and most deadly forms of cyber crime.

Using personal details gathered from publicly available web sites, today’s cyber criminals can launch phishing emails to specific individuals that dramatically increase the attack’s success. The Anti-Phishing Working Group reports a substantial increase in phishing attacks focused on high value targets, such as personnel with treasury authority.

Is it any wonder that major corporations have begun to deploy policies that prohibit employees from participating in blog discussions and social media sites? Even when employees are off premises, companies insist that their employees are “still bound by the company’s confidentiality policies.”

Perhaps such policies are draconian. But they might be increasingly necessary responses to the dangers of personal information now available on social media sites to marketers and cyber criminals alike.

The following chronology highlights the rapid unveiling of Facebook information about its users:

In 2005, Facebook users could view each others’ personal information only if they belonged to at least one group specified by the user. Two years later, ‘public information’ on Facebook included the user’s name, school (Facebook started as a service for college students), and profile photo.

By December 2009, publicly available information on Facebook included the user’s name, profile photo, list of friends and pages the user is a fan of, gender, geographic region, and networks. Third-party search engines had access and were actively indexing every bit of it.

Given this level of information available to the general public, it’s no wonder that cyber crime remains a growth industry. The Internet Crime Complaint Center recently reported that Americans lost about $559 million to Internet thieves in 2009 – more than twice the 2008 figure, when $268 million was stolen over the Internet.

Perhaps that explains why Google Trends recently reported that “DELETE FACEBOOK ACCOUNT” was the ninth most popular U.S. request. I believe there’s more going on at Facebook than meets the eye, and that financial institutions should watch carefully.

Receive Tips, News & Updates