Facebook 'fraud' shows need for greater caution
Andy Johnson, CTV.ca News
Published Saturday, August 18, 2007 8:47AM EDT
A new study has found that a startling number of people are willing to add a complete stranger as a friend on Facebook, suggesting our level of caution towards the networking site is not what it should be.
The Facebook ID Probe by Boston-based Sophos Research was intended to illlustrate dangers of irresponsible use of social networking sites.
During the study, a fake profile was created using the name 'Freddi Staur' -- a play on the word "fraudster" -- and using a picture of a plastic frog who revealed little personal information about himself.
The company then sent out 200 random friend requests through Facebook, and found that 41 per cent of those queried accepted Freddi as a friend.
In total, 87 of those who were sent requests accepted, with 82 of them providing their personal information.
Ron O'Brien, senior security analyst at the Boston-based Sophos, said the numbers were troubling.
"It's extremely alarming how easy it was to get users to accept Freddi," he said in a release.
"While it's unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people's personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing emails that they know the user is more likely to open."
The group also released a guide for safe and secure Facebook use.
Cyber safety expert Rob Nickel, author of "Staying Safe In a Wired World" said he's not surprised by the results of the study. He said it serves as further evidence that people are simply not as cautious as they should be when using social networking sites.
"I love when places like that do studies just to show that even though they have the security features, that they have to approve friends, they just add them," he tells CTV.ca.
The Sophos study found the following:
72 per cent of respondents provided one or more email address;
84 per cent listed their date of birth;
87 per cent listed details about their education or workplace;
78 per cent listed their address or location;
23 per cent listed their phone number;
26 per cent gave their instant messaging screen name.
Some of the users even made their family photos, resumes, and names of spouses available, and one even gave their mother's maiden name -- information often needed to retrieve email passwords.
Nickel says the level of caution towards social networking sites simply needs to increase.
"Why put that information out there if you don't have to? If someone wants to find out information about you, they can. My feeling is why make it easier for them?"
The Sophos study points out that Facebook's security features are far more advanced than many other social networking sites. Nickel agreed, but said users have to make use of those security features in order to have their information is protected.
"I never blame the technology or the companies. We have to live with this, that's why we have to educate the parents and the kids: don't put this information out there."
He said people will often decline to give their address or phone number online, but won't think twice before blogging about the family vacation they are taking to Cuba next week. A thief could read that, look up their address, then choose their home as a target knowing full well the family is out of town, Nickel said.
He added that people need to think about everything they put online, and consider whether it could cause harm in the future.
"You have to think like a bad guy: what would a criminal gain by having this information?" Nickel said.