This is the title of a presentation that George Petre gave recently at the MIT spam conference. George is the head of the Threat Intelligence Team of anti-virus company BitDefender.
His team experimented the use of social networks as spam vector. And the results are impressive (frightening?). Social networks are great for spams.
One of the side results of the study is the evaluation of user acceptance of new ”friends”. They created three types of profiles. The first one had the minimal allowed details (without picture), the second one had a picture and some more details and the third one was extremely complete.
Just one hour after starting to add people to each profile, we managed 23 connections with the 1st profile, 47 with the 2nd profile and 53 with the 3rd profile.
Amazing! You don’t even not need to be a social engineer.
And of course, once you are a friend, people have a natural tendency to trust you and accept any of your proposed links.
The full paper is available here. If you are worried about social networks, read this paper and you will be even more worried. The remedy seems simple: accept as friend only people that you know and trust. Unfortunately, this is contrary to the drive to have a high score of friends.