Would you “friend” a fictional frog on Facebook? Four in 10 Facebook members did, allowing him access to data that could lead to identity theft, according to IT Security firm Sophos.
To conduct the experiment, Sophos set up a profile page for ‘Freddi Staur’ (an anagram of ‘ID Fraudster’). He’s actually a green plastic frog who revealed minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information they’d give away.
Said Graham Cluley, senior technology consultant at Sophos,”While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers’ computer networks.”
In the majority of cases, Freddi was able to gain access to respondents’ photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.
Many users also disclosed the names of their spouses or partners, several included their complete résumés. One user even divulged his mother’s maiden name – information often requested by websites in order to retrieve account details.
Marketing Charts provides additional findings from the Sophos study.
Sophos provides a Facebook Best Practice guide here
Here are my online rules:
– I never put my age on any site correctly. I’m 107 on Facebook, for example.
– I do not give out my cell phone number on any site, or in my email signature.
– I never put my IM on any site.
– I never say where I am going, only where I have been.
– I don’t “friend” people I don’t know, or who put scant info in their profiles.
I guess men may follow different rules about stuff like this than women in the public view, but I think it’s smarter to be safe than sorry.