Facebook users happy to reveal all

New research by Sophos suggests that 41 percent of Facebook users will divulge personal information to a complete stranger

By - August 14, 2007
Facebook users happy to reveal all

IT security and control firm, Sophos, is warning social networking users of the dangers of allowing strangers to gain access to their online profiles, following new research into the risks of identity and information theft occurring through global phenomenon Facebook.

Compiled from a random snapshot of Facebook users, Sophos's research shows that 41 percent of users, more than two in five, will divulge personal information – such as email address, date of birth and phone number – to a complete stranger, greatly increasing their susceptibility to ID theft.

The Sophos Facebook ID Probe involved creating a fabricated Facebook profile before sending out friend requests to individuals chosen at random from across the globe.

To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents.

"Freddi encouraged 82 users to hand over their personal details on a plate," says Brett Myroff, CEO of master Sophos distributor, NetXactics.

"While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cyber criminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers' computer networks."

The full results of the Sophos Facebook ID Probe are as follows:

- 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41 percent of those approached)

- 72 percent of respondents divulged one or more email addresses

- 84 percent of respondents listed their full date of birth

- 87 percent of respondents provided details about their education or workplace

- 78 percent of respondents listed their current address or location

- 23 percent of respondents listed their current phone number

- 26 percent of respondents provided their instant messaging screen name

In the majority of cases, Freddi was able to gain access to respondents' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.

In addition, many users also disclosed the names of their spouses or partners, several included their complete résumés, while one user even divulged his mother's maiden name – information often requested by websites in order to retrieve account details.

What is concerning is how easy it was for Freddi to go about his business, obtaining enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users' passwords, impersonate them or even stalk them, explains Myroff.

While most people wouldn't give out their details to a stranger in the street, or respond to a spam email, several of the users Freddi contacted went so far as to make him one of their “top friends”.

“People should understand that despite occurring within Facebook, this type of communication is still unsolicited and users should employ the same basic precautions – such as not responding in any way – to prevent exposure to wrongdoers,” Myroff says.

As well as the successful friend requests, a number of users unwittingly enabled Freddi to gain access to their profile information simply by sending response messages such as "Who are you?" and "Do I know you?" back to his Facebook inbox.

Sophos experts note that users' profiles can be protected from such exposure by adjusting the privacy controls within their Facebook account settings.

While Facebook's privacy features go far beyond those of many competing social networking sites, it is ultimately about the human factor – carelessness and being preoccupied with having more Facebook friends than their peers could have a serious impact on business security, if accessed in the workplace, Myroff adds.

Some businesses may already be considering blocking Facebook for productivity reasons but, equally, other companies will see business benefits in this type of interaction, hence it's important that the site is used sensibly and securely.

In addition to these findings, Sophos poked a further 100 random Facebook users to see if this form of communication would elicit the same response and encourage people to let Freddi access their details. However, just eight people responded, with only five revealing personal information.

"Curiously, while so many users were perfectly willing to make friends with Freddi – despite knowing nothing about him – it appears that few wanted to engage in casual poking, suggesting that, true to the site's ethos, Facebook users are primarily interested in commitment and friendship," Myroff says.

Comments

 

Shutterstock is the image partner of MyBroadband – more technology images

Join the conversation

Connect with Us

androidappletwitterfacebookgoogleplusfeednewsletter

Poll

Do you support tax rebates for broadband investment in South Africa?

View Results

Loading ... Loading ...

More News

Wi-Fi-enabled, LED-fitted dress changes patterns on the go

Wi-Fi power glowing in the palm of your hand

MWEB Wi-Fi has developed a Wi-Fi-enabled, LED-fitted dress that changes its pattern and colours depending on when and where it is worn

Massive savings on TVs and other gadgets

Sale

You can save lots of money on gadgets and technology products this weekend from Makro, Incredible Connection, HiFi Corp, and other retailers

Turn down that music before you go deaf

Google Music logo

Some 1.1 billion young people are listening to music at volumes that endanger their hearing and can have other negative effects

We’re taking the Energy Minister to court: Greenpeace

Nuclear power station

Greenpeace Africa announced it has filed papers in the Pretoria High Court to compel the Minister of Energy to update the country’s completely inadequate nuclear liability regulations

X

Newsletter Subscription


Name
Email *
Enter the following to confirm your subscription *
Captcha image


Free MyBroadband Newsletter
Subscribe
X
bool(true)