Results from a probe by IT security firm Sophos into how easy it is to steal identities via Facebook show the situation is worse than before.
Sophos says it created two fictitious users, a 21-year-old 'Daisy Felettin' and 56-year-old 'Dinette Stonily', each of whom sent out 100 random friend requests to Facebook users in their age-group.
Within two weeks, a total of 95 strangers chose to become friends with Daisy or Dinette - an even higher response rate than when Sophos first performed the experiment two years ago. Worse still, eight Facebookers befriended Dinette without even being asked.
"We assumed things would be better in 2009 but the situation is worse. This really is a wake-up call," says Paul Ducklin, Sophos head of technology for Asia-Pacific, who conducted the study. "Our honeymoon period with social networking sites ought to be over by now, but many users still have a 'couldn't care less' attitude to their personal data."
Some 89% of the users in their 20s and 57% of those in their 50s who befriended Daisy and Dinette also gave away their full date-of-birth. Also, just under half of the 20s group, and just under a third of the 50s crowd, gave away personal information about their friends and family.
"People aren't just handing over their own life story to criminals," warns Ducklin, "they're betraying people close to them, too, by helping those cyber crooks build up a detailed picture of their life and their milieu. This is an identity scammer's dream."
Sophos is calling on users of social networking sites to think much more strictly about what it means to accept someone as your friend.
"Ten years ago it would have taken several weeks for con artists and identity thieves to gather this kind of information about a single person," says Brett Myroff, CEO of Sophos SA. "Social networks have made it easier for criminals to scoop up information about members of the public.
“Everyone must learn to be more careful about how they share information online, or risk becoming the victims of identity thieves."
The tips Sophos has for users is to not blindly accept friends, use restrictive settings by default, and assume that everything one reveals on social networking sites will be on the Internet forever, no matter what steps are taken to delete it.
Share