This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Users Should Be Wary When Web Sites Ask For Too Much Info
Fortinet is warning users to ignore even legitimate sites' requests for e-mail and IM login information because handing it out is a bad habit to get into.
Security researchers at Fortinet say a new trend among popular Web sites like Facebook may be teaching users the wrong lesson, causing them to unlearn what took years to teach them in the first place.
The rule of thumb for well-educated online users is to never, ever give out sensitive information, such as log-in credentials. That kind of information is the stuff of dreams for the growing phalanx of phishers and hackers hungry for user names, passwords, and other choice tidbits of online identities.
"There are a lot of sites out there asking for this information," he told InformationWeek. "It used to just be phishers and now we're seeing legitimate sites, like Facebook, doing it. People are giving them the information because they think it's convenient but it's just a bad idea."
Fossen explained that sites like Facebook ask for users' e-mail and IM login information so they, for example, can pick out their users' friends' addresses and set up their contact list for them. It saves users time.
Facebook could not be reached for comment.
The problem is that while Facebook may be on the up and up when it comes to going through users' contact lists, many other sites and individuals are not. And Fossen said it's just a bad idea to get into the habit of giving out that kind of information.
"Because people are getting used to doing this for legitimate sites, they're more apt to hand it out to phishers," he added. "It's not good to be handing out that information. You're no longer thinking about securing your information. I tend to think it's a scary trend."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.