Users Should Be Wary When Web Sites Ask For Too Much Info - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Users Should Be Wary When Web Sites Ask For Too Much Info

Fortinet is warning users to ignore even legitimate sites' requests for e-mail and IM login information because handing it out is a bad habit to get into.

Security researchers at Fortinet say a new trend among popular Web sites like Facebook may be teaching users the wrong lesson, causing them to unlearn what took years to teach them in the first place.

The rule of thumb for well-educated online users is to never, ever give out sensitive information, such as log-in credentials. That kind of information is the stuff of dreams for the growing phalanx of phishers and hackers hungry for user names, passwords, and other choice tidbits of online identities.

The problem is that a growing number of legitimate Web sites are asking users to hand over just this information, according to Steve Fossen, manager of threat research at Fortinet.

"There are a lot of sites out there asking for this information," he told InformationWeek. "It used to just be phishers and now we're seeing legitimate sites, like Facebook, doing it. People are giving them the information because they think it's convenient but it's just a bad idea."

Fossen explained that sites like Facebook ask for users' e-mail and IM login information so they, for example, can pick out their users' friends' addresses and set up their contact list for them. It saves users time.

Facebook could not be reached for comment.

The problem is that while Facebook may be on the up and up when it comes to going through users' contact lists, many other sites and individuals are not. And Fossen said it's just a bad idea to get into the habit of giving out that kind of information.

"Because people are getting used to doing this for legitimate sites, they're more apt to hand it out to phishers," he added. "It's not good to be handing out that information. You're no longer thinking about securing your information. I tend to think it's a scary trend."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
Slideshows
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
News
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Slideshows
Flash Poll