8/14/2007
12:09 PM

Test Shows 41% Of Facebook Users Expose Themselves To Strangers

Sophos shows that some social networkers will readily reveal their personally identifying information -- to absolutely anyone or anything.

A social engineering test on Facebook showed that 41% of users readily hand out personally identifying information to complete strangers.

That, according to researchers at security company Sophos, puts them at great risk of identity theft and in line to receive massive dumps of spam and targeted malware attacks.

"It certainly doesn't bode well when you're talking about privacy concerns," said Ron O'Brien, senior security analyst at Sophos, which ran the test. "The information they're offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about who they provide information to."

O'Brien told InformationWeek that they wanted to research the identity-theft risks associated with social networking. Running their own experiment, Sophos researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.

Of the 200 people contacted, 87 responded and agreed to be friends -- despite the fact that Freddi wasn't even a real, live person. O'Brien noted that 82% of them gave "Freddi" an open view of their profiles, listing enough personal information that an identity thief could easily take advantage of them. He added that 72% divulged at least one of their e-mail addresses, 84% gave up their date of birth, and 87% offered details about where they went to school and where they work.

Sophos also reported that 78% gave their current address.

"It's extremely alarming how easy it was to get users to accept Freddi," said O'Brien. "While it's unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people's personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing e-mails that they know the user is more likely to open."

He added that social networking has become a modern reality, so people need to learn how to protect themselves while they're on sites like Facebook, MySpace, and LinkedIn.

"Collecting 'friends' is encouraged by social networking and business networking sites," added O'Brien. "It's a status thing to see how many friends or contacts you can rack up... This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn't be constantly open."
