Users Should Be Wary When Web Sites Ask For Too Much Info - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications

Users Should Be Wary When Web Sites Ask For Too Much Info

Fortinet is warning users to ignore even legitimate sites' requests for e-mail and IM login information because handing it out is a bad habit to get into.

Security researchers at Fortinet say a new trend among popular Web sites like Facebook may be teaching users the wrong lesson, causing them to unlearn what took years to teach them in the first place.

The rule of thumb for well-educated online users is to never, ever give out sensitive information, such as log-in credentials. That kind of information is the stuff of dreams for the growing phalanx of phishers and hackers hungry for user names, passwords, and other choice tidbits of online identities.

The problem is that a growing number of legitimate Web sites are asking users to hand over just this information, according to Steve Fossen, manager of threat research at Fortinet.

"There are a lot of sites out there asking for this information," he told InformationWeek. "It used to just be phishers and now we're seeing legitimate sites, like Facebook, doing it. People are giving them the information because they think it's convenient but it's just a bad idea."

Fossen explained that sites like Facebook ask for users' e-mail and IM login information so they, for example, can pick out their users' friends' addresses and set up their contact list for them. It saves users time.

Facebook could not be reached for comment.

The problem is that while Facebook may be on the up and up when it comes to going through users' contact lists, many other sites and individuals are not. And Fossen said it's just a bad idea to get into the habit of giving out that kind of information.

"Because people are getting used to doing this for legitimate sites, they're more apt to hand it out to phishers," he added. "It's not good to be handing out that information. You're no longer thinking about securing your information. I tend to think it's a scary trend."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll