Would you give your personal information to a cute little plastic frog offering to be your friend online?
The answer seemed to be a definite “yes” in two out of every five users of social networking portal Facebook, according to a new study released by Sophos, a world leader in IT security and control.
Sophos warned social networking users of the dangers of allowing strangers to gain access to their online profiles, following the research into the risks of identity and information theft occurring through the global phenomenon Facebook.
Compiled from a random snapshot of Facebook users, Sophos’s research shows that 41 per cent of users, more than two in five, will divulge personal information — such as email address, date of birth and phone number — to a complete stranger, greatly increasing their susceptibility to ID theft, Sophos said in a statement.
For the purpose of the research, and to see if users could be exposed to the risks of identity theft, Sophos created a fabricated Facebook profile with the picture of a green plastic frog named Freddi Staur, which is an anagram of “ID Fraudster”.
Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents.
Of the 200, a total of 87 users responded to Freddi, with 82 leaking personal information (or 41 percent of those approached), divulged one or more email address (72 per cent), listed their full date of birth (84 per cent), provided details about their education or workplace (87 per cent), their current address or location (78 per cent), listed their current phone number (23 per cent) and provided their instant messaging screenname (26 per cent).
Sophos’ statement went on to say: “In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts”.
“What’s worrying is how easy it was for Freddi to go about his business. He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users’ passwords, impersonate them or even stalk them,” Graham Cluley, senior technology consultant at Sophos.
Link to this page