BOSTON -- Sophos, a world leader in IT security and control, is warning social networking users of the dangers of allowing strangers to gain access to their online profiles, following new research into the risks of identity and information theft occurring through Facebook. Compiled from a random snapshot of Facebook users, Sophos's research shows that 41 percent of users, more than two in five, will divulge personal information - such as email address, date of birth and phone number - to a complete stranger, greatly increasing their susceptibility to ID theft. To coincide with the research, Sophos has also published a best-practice user guide for behaving securely on Facebook, which reportedly signs up 100,000 new users every day.

The Sophos Facebook ID Probe involved creating a fabricated Facebook profile before sending out friend requests* to individuals chosen at random from across the globe. To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond and how much personal information could be gleaned from the respondents.

“It’s extremely alarming how easy it was to get users to accept Freddi. Eighty-seven users accepted Freddi, and of those, 82 provided their personal information in the process,” said Ron O’Brien, senior security analyst at Boston-based Sophos. “While it’s unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people’s personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing emails that they know the user is more likely to open.”

Sophos plc