During the last year, we’ve all enjoyed the rise of social media
and social networking, with many of us now happily Twittering,
Facebooking, Beboing, StudiVZing, MySpacing, Cyworlding, Mixiing, QQing
or whatever takes your fancy.
In fact, the numbers are quite incredible. Considering most of these
sites had virtually no users in 2006, the fact that they now have about
230 million registered users with MySpace, 75 million with Facebook, and
about 250 million for the rest, you have an awful lot of socially
In a press release from Comscore in January,
the figures speak for themselves:
"The number of worldwide visitors to social networking sites has
grown 34 percent in the past year to 530 million, representing
approximately 2 out of every 3 Internet users. MySpace and Facebook are
in a tight battle for the global leadership position, each attracting
more than 100 million visitors per month."
Two out of every three internet users are socially networking online.
That’s a lot of people.
And Comscore’s figures do not include what I consider to be the
planet’s biggest social network, QQ. QQ is a Chinese network run by
Tencent, a mobile network carrier. Maybe that’s why they are left out of
Comscore’s figures, because they are mobile based, but QQ has 300
In fact, if you add in all the mobile network social capabilities,
such as Twitter, you have over a billion people networking socially
through electronic media.
That’s 1 in 5 people on the planet.
That’s a helluva lot of people.
But what concerns me, as regular
readers of my blog will know, is how careful or careless these
people are, when using these networked worlds in managing their
I’ll take Facebook as the example here, as that’s the one I’m
familiar with, but I’m sure most other social media applications are the
First, there’s the connecting with complete strangers. This is best
illustrated by a study by the internet security firm Sophos.
Sophos ran a joke last
year on Facebook, and were surprised to find that most people accepted
them as a friendly connection, even though people did not know who was
reaching out to them. If they checked out the stranger's profile,
it just had a picture of a plastic frog on it, and yet they still
accepted this stranger's connection.
This just reflects basic human nature. We want to be popular so if
someone wants to be our friend, oh, yes please!
Second is the ability to easily see everyone’s profiles if you know
how. The simplest thing to do is to join a network, such as London, and
then look around. You can read a lot of people’s profiles and they don’t
even know it because, when they joined the London network, they forgot
to set their profile on the London Network to 'private'. Result:
everyone in London can see your profile whenever they want.
That can have some serious implications, as demonstrated by Crystal
Palace teenage footballer, Ashley-Paul
Ashley-Paul had his first full team game for Crystal Palace in April
and is a promising star for the future. However, he posted details of
his forthcoming try-out for Fulham, an archrival football team, on his
Facebook profile without realising that, because he was part of the
London network, 2.7 million people could read it. One of the people who
read this news was the Crystal Palace team manager, Neil Warnock, who
has told Ashley-Paul he is a Faceberk and that his Crystal Palace future
ended last week.
Finally, I’ve found a new quirk in Facebook. If you annotate on a
friend’s photograph, then you are allowing all of your friends to see
your friend's photo album.
This can best be illustrated by the example of my friend John, who
knows Jane. I don't know Jane and have no connection with her. However,
John decides to write a note on Jane's photo saying, "Nice piccie".
Because John makes that comment, I can now see all of Jane's photograph
album and all of the comments in that album. Even though I don't know
Facebook user has 164 friends. So, in practice, this means that I
can potentially see the details of my 164 friends x their 164 friends,
who I do not know. That's over 25,000 people who are now exposed to me
through the network. Not just exposed as individuals, but their lives,
friends, habits and social world.
The bottom-line is that through Facebook, I potentially have access
to millions of people’s profiles, lives, friends, boyfriends,
girlfriends, brothers, sisters, fathers, daughters, mothers, sons …
their birth dates, home town, place they live now, where they work,
their mobile telephone numbers, email addresses, habits and thoughts.
And if I know how to do this in Facebook, I am sure that I could find
similar exposures in MySpace, Bebo, Badoo, QQ and more.
For the true friends I have out there who I enjoy networking with,
this is fantastic. For the hundreds of strangers I now have access to
through the network, this is dangerous.
In fact, it’s so dangerous that I believe yes, a billion people can
be wrong. A billion people, 1 in 5 people on this planet, may be giving
away their identities and more in the name of social fun.
So what does this mean for banks?
Well, banks really need to start raising this issue, in the same way
as phishing and spam. This would mean placing signs everywhere on bank
internet and mobile services, saying something like:
“If your identity is compromised and we find this is a result of your
usage of social networking sites such as Facebook or MySpace, you will
be liable for any losses incurred. You may not realise but your identity
can be traced through these internet sites if people can access your
profile. Your profile can be accessed by all of those you are connected
with and, quite often, their connections. Equally, anyone on a network,
such as the London network, may be able to see your profile. That equates
to almost 3 million people who can see your birthday, email address,
friends and family, and anything else you place on these social media.
Therefore, we recommend you do the following best practices …”
and so on.
But there is more to this than just identity theft issues. In fact,
for a bank, there is far more concern about what these sites could mean
for social engineering fraud and theft.
For example, I regularly find details of tellers and customer service
representatives for various banks. I can even target the banks I want
to have a go at, by name.
Each of these banks has staff socially networking online and, even
though I have never met any of them, they give me all of the information
I need about their lifestyles and contact details. I just wonder what
would happen if I went down to their local bar and said I had their
brother or sister, mother or father, son or daughter, held at home at
gunpoint unless they help me rob the bank.
I don't have their family or friends at gunpoint … I just know
their names and details. Just as I knew where they drank, when and how
It's all on their profile.
Just a thought.