About 40% ofFacebookusers are willing to give
information thatID thievescould use to clone their
identities, says security software houseSophos.
Sophos set up a profile page for Freddi Staur (an anagram of "ID
Fraudster"), a small green frog who said almost nothing about
himself. Sophos then sent out 200 random friend requests to see how
many would respond, and how much personal information they would
supply.
From 87 responses
• 72% gave one or more e-mail addresses
• 84% listed their full date of birth
• 87% gave details about their education or workplace
• 78% listed their current address or location
• 23% gave their current phone number
• 26% provided their instant messaging screen name
Many also disclosed the names of their spouses or partners,
several included their complete work histories, and one gave his
mother's maiden name.
Some unwittingly enabled Freddi to gain access to their profile
information simply by sending response messages such as "Who are
you?" and "Do I know you?" back to his Facebook inbox. This allowed
the initial sender to view their profile information for the next
seven days.
Sophos said users can protect their profiles from such exposure
by adjusting the privacy controls in their Facebook account
settings.
Graham Cluley, senior technology consultant at Sophos, said,
"While accepting friend requests is unlikely to result directly in
theft, it is an enabler, giving cyber-criminals many of the
building blocks they need to spoof identities, to gain access to
online user accounts, or potentially, to infiltrate their
employers' computer networks."
Sophos has published a best-practice
user guide for behaving
securely on Facebook and other social network sites.
Comment on this article:
computer.weekly@rbi.co.uk