Test Shows 41% Of Facebook Users Expose Themselves To Strangers
Sophos shows that some social networkers will readily reveal their personally identifying information -- to absolutely anyone or anything.
A social engineering test on Facebook showed that 41% of users readily hand out personally identifying information to complete strangers.
That, according to researchers at security company Sophos, puts them at great risk of identity theft and in line to receive massive dumps of spam and targeted malware attacks.
"It certainly doesn't bode well when you're talking about privacy concerns," said Ron O'Brien, senior security analyst at Sophos, which ran the test. "The information they're offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about who they provide information to."
O'Brien told InformationWeek that they wanted to research the identity-theft risks associated with social networking. Running their own experiment, Sophos researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.
Of the 200 people contacted, 87 responded and agreed to be friends -- despite the fact that Freddi wasn't even a real, live person. O'Brien noted that 82% of them gave "Freddi" an open view of their profiles, listing enough personal information that an identity thief could easily take advantage of them. He added that 72% divulged at least one of their e-mail addresses, 84% gave up their date of birth, and 87% offered details about where they went to school and where they work.
Sophos also reported that 78% gave their current address.
"It's extremely alarming how easy it was to get users to accept Freddi," said O'Brien. "While it's unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people's personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing e-mails that they know the user is more likely to open."
He added that social networking has become a modern reality, so people need to learn how to protect themselves while they're on sites like Facebook, MySpace, and LinkedIn.
"Collecting 'friends' is encouraged by social networking and business networking sites," added O'Brien. "It's a status thing to see how many friends or contacts you can rack up... This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn't be constantly open."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.