CONSUMER NEWS RECALLS COMPLAINT FORM SCAM ALERTS

Small Claims Guide \| Class Actions \| Lemon Law \| FAQ \| Resources \| Newsletters \| Spanish
Automotive Education Electronics Family Finance Health Homeowners Shopping Travel

Many Facebook Users Compromise Own Identities

Careless consumers make identity theft easy, study finds

By Mark Huffman
ConsumerAffairs.com

August 20, 2007

• TSA Site Left Passenger Data Exposed To ID Theft
• Connecticut Governor Wants 'Opt Out' For Online Directories
• Verizon Gave Customer Data To Government Without Court Orders
• House Democrats Probe Warrantless Surveillance
• Many Facebook Users Compromise Own Identities
• Spy Court Tells White House To Fess Up
• FBI Uses Data Brokers, "Risk Scores" To Hunt Terrorists
• GAO: "Critical" Weaknesses In FBI Security Network
• How Safe Is That Free Wi-Fi Connection?
• Businesses Back Off Spy Chips
• Insurer Unlawfully Poached Consumers' Credit Reports
• GAO Cites Medical Privacy Issues
• Google Anti-Phishing Feature Accidentally Reveals Too Much
• Bush Spy Program Placed Under Court Review
• "National Security Letters" Used To Examine Americans' Financial Records
• Bush Gives Himself Authority to Search the Mail
• Court Shuts Down "Media Motor" Spyware Operation
• Consumerists Want FTC Probe of Online Advertising
• Firefox/Google Team Up To Fight Phishing
• Schwarzenegger Terminates Spychip Bill
• For Sale: Your Health Care Records
• Xanga.com Fined for Children's Privacy Violations
• Facebook Does an About Face
• Chase Trashes Tapes Containing Circuit City Customers' Data
---
• More Privacy News ...

Not all case of identity theft come from stolen notebook computers or vulnerable computer networks. Computer security firm Sophos says many members of the social networking site Facebook fail to take simple steps to guard against identity theft.

Compiled from a random snapshot of Facebook users, Sophos's research shows that 41 percent of users, more than two in five, will divulge personal information - such as email address, date of birth and phone number - to a complete stranger, greatly increasing their susceptibility to ID theft.

The Sophos Facebook ID Probe involved creating a fabricated Facebook profile before sending out friend requests to individuals chosen at random from across the globe.

To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog who divulged minimal personal information about himself. Sophos then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents.

“Freddi may look like a happy green frog that just wants to be friends, but actually he's happy because he's just encouraged 82 users to hand over their personal details on a plate,” said Graham Cluley, senior technology consultant at Sophos.

“While accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers' computer networks.”

Among the findings of the Sophos Facebook ID probe:

• 87 of the 200 Facebook users contacted responded to Freddi, with 82 leaking personal information (41% of those approached)

• 72% of respondents divulged one or more email address

• 84% of respondents listed their full date of birth

• 87% of respondents provided details about their education or workplace

• 78% of respondents listed their current address or location

• 23% of respondents listed their current phone number

• 26% of respondents provided their instant messaging screenname

In the majority of cases, Freddi was able to gain access to respondents' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts.

In addition, many users also disclosed the names of their spouses or partners, several included their complete résumés, while one user even divulged his mother's maiden name - information often requested by websites in order to retrieve account details.

“What's worrying is how easy it was for Freddi to go about his business. He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users' passwords, impersonate them or even stalk them,” Cluley said.

“Most people wouldn't give out their details to a stranger in the street, or even respond to a spam email, yet several of the users Freddi contacted went so far as to make him one of their 'top friends'. People need to realise that this is still unsolicited communication, despite it occurring within Facebook, and users must employ the same basic precautions - such as not responding in any way - to prevent exposure to wrongdoers.”

As well as the successful friend requests, a number of users unwittingly enabled Freddi to gain access to their profile information simply by sending response messages such as "Who are you?" and "Do I know you?" back to his Facebook inbox.

Sophos experts note that users' profiles can be protected from such exposure by adjusting the privacy controls within their Facebook account settings.

“It's important to remember that Facebook's privacy features go far beyond those of many competing social networking sites,” Cluley said. “This is about the human factor - people undoing all that good work through carelessness and being preoccupied with the kudos of having more Facebook friends than their peers, which could have a serious impact on business security, if accessed in the workplace.”

Report Your Experience
If you've had a bad experience -- or a good one -- with a consumer product or service, we'd like to hear about it. All complaints are reviewed by class action attorneys and are considered for publication on our site. Knowledge is power! Help spread the word. File your consumer report now.

May 17 2008

READER SERVICES

Print, Email & More

Free consumer newsletters
Sign up now!

Back to the top |

Terms of Use Your use of this site constitutes acceptance of the Terms of Use

Advertisements on this site are placed and controlled by outside advertising networks. ConsumerAffairs.com does not evaluate or endorse the products and services advertised. See the FAQ for more information.

Company Response Welcome If complaints about your company appear on our site, we welcome your response. Please see the Response Form for more information.

For more information, see the FAQ and privacy policy. The information on this Web site is general in nature and is not intended as a substitute for competent legal advice. ConsumerAffairs.com Inc. makes no representation as to the accuracy of the information herein provided and assumes no liability for any damages or loss arising from the use thereof.