Test Shows 41% Of Facebook Users Expose Themselves To Strangers
Sophos shows that some social networkers will readily reveal their personally identifying information -- to absolutely anyone or anything.
A social engineering test on Facebook showed that 41% of users readily hand out personally identifying information to complete strangers.
That, according to researchers at security company Sophos, puts them at great risk of identity theft and in line to receive massive dumps of spam and targeted malware attacks.
"It certainly doesn't bode well when you're talking about privacy concerns," said Ron O'Brien, senior security analyst at Sophos, which ran the test. "The information they're offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about who they provide information to."
O'Brien told InformationWeek that they wanted to research the identity-theft risks associated with social networking. Running their own experiment, Sophos researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.
Of the 200 people contacted, 87 responded and agreed to be friends -- despite the fact that Freddi wasn't even a real, live person. O'Brien noted that 82% of them gave "Freddi" an open view of their profiles, listing enough personal information that an identity thief could easily take advantage of them. He added that 72% divulged at least one of their e-mail addresses, 84% gave up their date of birth, and 87% offered details about where they went to school and where they work.
Sophos also reported that 78% gave their current address.
"It's extremely alarming how easy it was to get users to accept Freddi," said O'Brien. "While it's unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people's personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing e-mails that they know the user is more likely to open."
He added that social networking has become a modern reality, so people need to learn how to protect themselves while they're on sites like Facebook, MySpace, and LinkedIn.
"Collecting 'friends' is encouraged by social networking and business networking sites," added O'Brien. "It's a status thing to see how many friends or contacts you can rack up... This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn't be constantly open."
The Business of Going DigitalDigital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
What The Business Really Thinks Of IT: 3 Hard TruthsThey say perception is reality. If so, many in-house IT departments have reason to worry. InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business views IT's performance in delivering services - and, more important, powering innovation. The news isn't great.