A recent case study has revealed that social gamers’ tendency to add strangers as gamer friends is contributing to the growth in identity theft and spamming on social networks like Facebook. Specifically, when social gamers add strangers as friends and share their information, they are “exposing themselves to real and present danger of falling victim to fraud and ID theft” and also clicking on those strangers’ (possibly dangerous) posted links 24% of the time.
According to the report by BitDefender, the use of detailed profiles, shared groups and mutual acquaintances give more credibility to fake identities. Spammers and phishers create fake profiles and bots that send spam messages to gaming groups, saying things like “add me”. When other social gamers add the user, they then have the power to simulate a real Facebook profile, and use that in identity fraud.
The study also shows that the most successful fake accounts are the ones that mimic real profiles by including lots of personal data and photos of the user. The case study had an acceptance experiment, where BitDefender researchers created three profiles: one without a photo and few information details, another with a photo and few informational details and a third with many photos and a lot of data. All three profiles were added as friends when the user posted a message to a public general interest group, and one hour after starting to add people, there were “23 connections for the first profile, 47 for the second profile and 53 for the third profile.”
However, that was just a general interest group. When the researchers tried a social gaming group, they found that “within 24 hours, 85 users accepted a request from the first profile which they did not know, 108 from the second and 111 from the third.” We can see that users are very willing to add any type of stranger as a friend on social networks, and are especially likely to do that within the context of a social game.
The overall threat implications are numerous, with the report citing that false users gain more spamming power, data and ID theft, account hijacking and malware distribution. The researchers posted a shortened URL (like the ones seen on Twitter) without any description on their profile, and 24 percent of their new stranger friends followed the link!