IE 11 is not supported. For an optimal experience visit our site on another browser.

Facebook friends could be strangers in disguise, researcher shows

A recent study showed just how easy it was to fool even a security expert into accepting friend requests from total strangers. The trick? Open a profile posing as someone's real-world friend. Even if they're already that person's friend, there's a chance they will friend him or her again.The study, presented at a conference by Brazilian security expert Nelson Novaes Neto and written up by Ars Te

A recent study showed just how easy it was to fool even a security expert into accepting friend requests from total strangers. The trick? Open a profile posing as someone's real-world friend. Even if they're already that person's friend, there's a chance they will friend him or her again.

The study, presented at a conference by Brazilian security expert Nelson Novaes Neto and written up by Ars Technica, involved establishing mutual friends between the victim and the fake account. When the fraudster spammed hundreds of possible mutual friends, some were bound to accept, and did. Within 7 hours, the fake account had enough mutual friends to look like a legitimate acquaintance — all the credibility the victim needed.

There are more details over at Ars, and I encourage you security-minded folks to read the whole piece.

The lesson here is that no matter how squeaky clean you are, and no matter how squeaky clean your friends are, there's bound to be someone sinister lurking on the outskirts of your personal network.

Not only should you avoid friends of friends (who could be pretty much anyone in the world, at this point), but you should question suspicious friend requests: Didn't you already friend that person? Why do they only show 12 friends in common, if you can name at least 20? Why are there two accounts on Facebook for the same person?

Play it safe, people. And for Pete's sake, check your privacy settings!

More on Facebook from TODAY Digital Life:

Catch up with Wilson on Twitter at @wjrothman, or on Google+. And join our conversation on Facebook.