Would you “friend” a fictional frog on Facebook? Four in 10 Facebook members did, allowing him access to data that could lead to identity theft, according to IT Security firm Sophos.
To conduct the experiment, Sophos set up a profile page for ‘Freddi Staur’ (an anagram of ‘ID Fraudster’). He’s actually a green plastic frog who gave out minimal personal information about himself. Sophos sent out 200 friend requests to observe how many people would respond, and how much personal information they would reveal.
Said Graham Cluley, senior technology consultant at Sophos,”While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers’ computer networks.”
In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.
Many users also disclosed the names of their spouses or partners, several included their complete résumés. One user even divulged his mother’s maiden name – information often requested by websites in order to retrieve account details.
Marketing Charts provides additional findings from the Sophos study.
Sophos provides a Facebook Best Practice guide here
Here are my online rules:
- I never put my age on any site correctly. I’m 107 on Facebook, for example.
- I do not give out my cell phone number on any site, or in my email signature.
- I never put my IM on any site.
- I never say where I am going, only where I have been.
- I don’t “friend” people I don’t know, or who put scant info in their profiles.
I guess men may follow different rules about stuff like this than women in the public view, but I think it’s smarter to be safe than sorry.
BL – Good rules. A few weeks ago I heard on the radio (Paul Harvey, if I remember right) that something like 1 out of 4 homes are impacted by identity theft.
I couldn’t believe it. My friends must keep it pretty close to the vest, then, because if that sample was representative, chances are I know quite a few people who have had their identities stolen in some form or fashion.
I actually know several people who’ve had that happen, but it was always the result of using a credit card offline.
maybe people don’t talk about it, like you said. dunno.
We do keep it quiet.
Oh, I haven’t use it
Interesting post. On and offline, people are all to eager to part with personal info that could come back to haunt them. Can privacy online actually exist?
“Can privacy online actually exist?”
Good question!
I think the answer is as much as offline. we live in a world where very little is private. which is one reason i keep my cell phone number to myself.
I know it’s a small thing, and I’ll give in to the joys of mobile messaging soon, but for now, it feels like i have some control. :>)
I agree, very little is private these days..
The extent to which we are willing to put ourselves and our personal information out there will determine just how private our lives are.
However, in some cases we don’t choose to put it out there in the first place, and once it is, its very hard to get it back again.
credit card companies seem to be among the worst offenders and we have to give them a ton of private info to get it.
hard to imagine living w/o a credit card these days, especially if you shop online.
so i don’t see an end in site, but CAN be sure we don’t make friend with fictional frogs. :>)