Facebook fraud threat warning
Some users divulge too much personal information
16 August 2007
Some Facebook users are in danger of being scammed by identity thieves because they're divulging too much personal information online.
A snapshot survey by IT security specialists Sophos found that 41 per cent of users revealed personal information - such as email address, date of birth and phone number - to a complete stranger.
Sophos made up a Facebook page for a small green plastic frog called Freddi Staur - an anagram of ID Fraudster.
It then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents.
Facebook users can either accept or reject incoming friend requests.
Users can also choose whether to let the sender see all their details or a limited part of their profile.
The Sophos ID probe found that 87 of the 200 Facebook users it contacted responded to Freddi, with 82 of those divulging personal information.
It also found that:
- 72 per cent of respondents divulged one or more email addresses
- 84 per cent of respondents listed their full date of birth
- 87 per cent of respondents provided details about their education or workplace
- 78 per cent of respondents listed their current address or location
- 23 per cent of respondents listed their current phone number
- 26 per cent of respondents provided their instant messaging screen name
In the majority of cases, Freddi was able to gain access to respondents' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.
Many users also revealed the names of their spouses or partners, several included their complete résumés, while one user even divulged his mother's maiden name - information often requested by websites in order to retrieve account details.
Graham Cluley, senior technology consultant at Sophos, said: ‘What's worrying is how easy it was for Freddi to go about his business. He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users' passwords, impersonate them or even stalk them.
‘Most people wouldn't give out their details to a stranger in the street, or even respond to a spam email, yet several of the users Freddi contacted went so far as to make him one of their 'top friends'. People need to realise that this is still unsolicited communication, despite it occurring within Facebook, and users must employ the same basic precautions - such as not responding in any way - to prevent exposure to wrongdoers.’