"It's unbelievable, the kind of data that's out there about you," Cisco's principal security strategist Patrick Gray told a crowd in Boise, Idaho, this morning.
The problem is that criminal hackers can use that kind of information to target a company, Gray said. He described one case where criminals in Ukraine targeted a particular large company, went onto Facebook to look for employees of that company, and upon finding one, created a Facebook account in the name of one of her high-school friends and asked to "friend" her. When she did so, the "friend" then suggested she click on a link to see a picture of herself from high school -- which downloaded malicious software into the corporation's network, he said.
Before joining Cisco, Gray spent 20 years with the Federal Bureau of Investigation, including forming one of the first cybercrime units.
In particular, Facebook is huge, Gray said, noting that if it were a country, it would be the third-largest worldwide, after China and India. In other Facebook statistics:
- 50 percent of active Facebook users log on to Facebook on any given day
- 60 million users update their status daily
- People spend more than 500 billion minutes per month on Facebook
- 3 billion photos are uploaded every month
- 5 billion pieces of content are shared each week
- Millions of local businesses have pages
- More than 20 million people become fans of pages
- There is a total of 5.3 billion fans
- 100 million people use Facebook through smart phones
- 43 percent of all Americans -- 40 percent of men and 45 percent of women -- are on Facebook
- In August alone, 41 million minutes were spent on Facebook
"Social media users believe there is protection in being part of a community of people they know," said Gray. "Criminals are happy to prove them wrong." He cited one study showing that 46 percent of people approached agreed to give full access to their sites on Facebook to users that were, respectively, a duck and a cat. Seven hundred other accounts were compromised in just two hours by telling people that they could click on a link to talk to a 23-year-old woman, he added.
In a similar example, criminal hackers used Facebook to send people a link offering video of "cheerleaders gone wild," telling them that due to the nature of the video, people had to click to confirm that they were over 18 -- which downloaded malware to their computer.
"Men are pigs," Gray said, tongue-in-cheek.
Organizations need to educate their users to not click on things, Gray said.