Would You "Friend" a Fake Frog on Facebook? Four in 10 Did

Would you "friend" a fictional frog on Facebook? Four in 10 Facebook members did, allowing him access to data that could lead to identity theft, according to IT Security firm Sophos.

To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'). He's actually a green plastic frog who revealed minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information they'd give away.

Said Graham Cluley, senior technology consultant at Sophos,"While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers' computer networks."

In the majority of cases, Freddi was able to gain access to respondents' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.

Many users also disclosed the names of their spouses or partners, several included their complete résumés. One user even divulged his mother's maiden name - information often requested by websites in order to retrieve account details.

Marketing Charts provides additional findings from the Sophos study.

Sophos provides a Facebook Best Practice guide here

Here are my online rules:
- I never put my age on any site correctly. I'm 107 on Facebook, for example.
- I do not give out my cell phone number on any site, or in my email signature.
- I never put my IM on any site.
- I never say where I am going, only where I have been.
- I don't "friend" people I don't know, or who put scant info in their profiles.

I guess men may follow different rules about stuff like this than women in the public view, but I think it's smarter to be safe than sorry.

I like your online rules BL. Sadly many people seem to have adopted an "Oprah-mentality" of letting it all hang out online. It was scary how many people gave their full snail mail address, phone numbers, etc *and* (in some cases) were happy to announce they were about to go on vacation for two weeks.

People need to learn that if they wouldn't be comfortable shouting it out from the top of their lungs in a crowded street they shouldn't post it on the internet either.

Thanks for mentioning our suggestions on how Facebook users can use its privacy settings for better security. I hope people take the time to read them, and learn to act more safely online.

Cheers
Graham Cluley, senior technology consultant, Sophos

Thanks for sharing your rules! I find it very interesting that someone would post their mother's maiden name on their Facebook page. Pretty scary!

These rules can also be applied to websites like MySpace as well. However, the only reason I would put my phone number up is for people to contact me for business deals...

re: the 40% who befriended a frog on Facebook...:
Geico runs a Tvc saying "people are smart".

No they aren't. And this is more evidence of people not fully grasping the implications of filling out forms, etc., online for all the world to see, scrape, exploit.

I mean, now there are "consultants" cleansing people's facebook/myspace pages 'cause they had photos of themselves being dipshits posted, and employers are looking to reject dipshits. Bad for business.

Freddi Staur "friends" deserve what they get.

people add me every day as a moose...

I don't see what the big deal is... anyone that would release enough personal information on FB to expose themselves to serious ID theft risk is probably already a hot target elsewhere.