With more than 800 million users worldwide, Facebook has become the defacto standard in social networking platforms.  One of its most important features, the ability to quickly and easily scan whether or not you know people by looking at common connections, has expanded networks across the entire world. You all know this already…  but how many of you know which of your friends (or your friends’ friends) are real people?

In a recent study conducted by the University of British Columbia in Vancouver, Canada, researchers attempted to demonstrate that Facebook could be easily penetrated for malicious purposes: collecting users’ data. The University of British Columbia experiment introduced 102 “socialbots” – effectively, simulated Facebook users complete with pictures, quotes, and status updates – to make friend requests, and then parlay those associations into deeper ties with their new friends’ connections.  The socialbots made random requests to Facebook users, and within six days of their introduction to the social networking site, had received acceptances from nearly 1,000 users.

In turn, the bots continued on in their endeavor to make new connections and began sending friend requests to the connections of their new “friends”, and the results appear to show that the new request recipients, seeing a mutual connection, accepted the request from a cyber-user: results show that requests were accepted 59.1 percent of the time.

Over the length of the experiment, the UCB socialbots collected valuable Personally Identifiable Information (PII), including date of birth, email address, and physical addresses, from more than 3,000 Facebook users, equating to approximately 250 GB of data. Because this data is highly marketable and potentially dangerous if in the wrong hands, if this were instituted by an organization other than a reputable university, untold damage could have been caused to thousands, if not millions, of people across the world. So, how do we protect ourselves against this, and if we fall for such an attempt, what is our recourse?

  1. Make sure you know who you are friending and accepting friend requests from. Ask yourself important questions: Do I know this person? If so, where have a I met them? If you don’t, and your basing your consideration on a mutual connection, how does my friend know this person? When in doubt, ask your friend.
  2. Know what personal information you want to share, and that which you don’t. Do you want everyone to know when your birthday is, if you’re married or single, your email address? Adjust your profiles and the information that your contacts can view and download as you see fit.
  3. You’ve made friends with a virtual contact. What about me is in the wrong hands? Find out what data has been compromised, and learn what you can do to protect yourself in the future and restore your identity. Invest in a comprehensive identity check, monitor your identity and online presence, and be vigilant about protecting your identity.