Probe Finds Facebook Users in Danger of Identity Theft

Four out of 10 facebook users agree to befriend a small green plastic frog, allowing it personal access to their personal data. A leading IT security firm, Sophos, set out to learn the how readily FaceBook Users allowed their personal information to bare its naked self to other strangers. So Sophos set up a fake profile under the name of 'Freddi Staur' (an anagram of ID fraudster). They then sent out 200 random friend requests to users around the globe. Over two in five accepted and leaked personal information to the inanimate green desk ornament.

While accepting a friend request on facebook is unlikely to result in any direct personal theft, it gives cyber criminals direct access to the user's general information, the basic building blocks to access your other information, like credit cards, government records or your company documents.

In the majority of cases, Freddi gained access to photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts, such as date of birth. Many users also disclosed the names of spouses or partners, showed their complete resumes and one user revealed his mothers maiden name, a common security measure at most banks.

"Freddi may look like a happy green frog that just wants to be friends, but actually he's happy because he's just encouraged 82 users to hand over their personal details on a plate," said Graham Cluely, senior technology consultant at Sophos.

If freddi was a walking, talking cyber punk humanoid with fingers and a brain, his new "friends" just became his new targets. Through all the jicy facts he acquired through Facebook friend requests, he can create phishing emails or malware targeted specifically at individuals or businesses. He can be creative and try to guess your password, try to impersonate you or stalk you.

Simply being on Facebook does not imply your identity will be stolen any time soon. Facebook usually stands above the competition in their security measures. The only real precautions derive from the Facebook users themselves, they're only human. In a social networking site the aim is to branch out and meet others. Also, humans are naturally social creatures, befriending a green frog is like saying your friends with Kermit.

Heed some words from the wise to keep your life from being hacked. Do not accept friend requests from people you do not directly know. If you want to be friendly but remain guarded, facebook offers the option of restricted profile access, allowing some to view a small portion of their profile.

Accepting a request from an anonymous friend is akin to a complete stranger approaching you and demanding your phone number, email, several pictures of you and your friends and your place of employment. None of you would say "Sure! Here you are sir, hope its all in order. By the way I get out of work in an hour if you're going to stalk me"!

Sophos Press release: http://www.sophos.com/pressoffice/news/articles/2007/08/facebook.html

Safety Guide practices: http://www.sophos.com/security/best-practice/facebook.html