46% of users happy to reveal all to complete strangers
IT security and data protection firm Sophos has today released the results of its latest probe into how easy it is to steal identities via Facebook.
Sophos created two fictitious users with names based on anagrams of the words "false identity" and "stolen identity". 21-year-old "Daisy Felettin" was represented by a picture of a toy rubber duck bought at a $2 shop; 56-year-old "Dinette Stonily" posted a profile picture of two cats lying on a rug. Each sent out 100 friend requests to randomly-chosen Facebook users in their age-group.
Within two weeks, a total of 95 strangers chose to become friends with Daisy or Dinette - an even higher response rate then when Sophos first performed the experiment two years ago with a plastic frog. Worse still, in the latest study, eight Facebookers befriended Dinette without even being asked.
"We assumed things would be better in 2009 but the situation is worse. This really is a wake-up call," said Paul Ducklin, Head of Technology, Asia Pacific at Sophos in Sydney who conducted the study. "Our honeymoon period with social networking sites ought to be over by now - but many users still have a 'couldn't care less' attitude to their personal data."
89% of the 20-somethings and 57% of the 50-somethings who befriended Daisy and Dinette also gave away their full-date-of-birth. Nearly all the others suppressed their year of birth, but this is often easy to calculate or to guess from other information given out. Even worse, just under half of the 20-ish crowd, and just under a third of the 50-ish crowd, gave away personal information about their friends and family.
"People aren't just handing over their own life story to criminals," warned Ducklin. "They're betraying people close to them, too, by helping those cybercrooks build up a detailed picture of their life and their milieu. This is an identity scammer's dream."
Bookmarks