Test Shows 41% Of Facebook Users Expose Themselves To Strangers

A social engineering test on Facebook showed that 41% of users readily hand out personally identifying information to complete strangers.

That, according to researchers at security company Sophos, puts them at great risk of identity theft and in line to receive massive dumps of spam and targeted malware attacks.

"It certainly doesn't bode well when you're talking about privacy concerns," said Ron O'Brien, senior security analyst at Sophos, which ran the test. "The information they're offering up could be just as valuable as credit card information for someone trying to build a profile of you. People need to be more selective about who they provide information to."

O'Brien told InformationWeek that they wanted to research the identity-theft risks associated with social networking. Running their own experiment, Sophos researchers created a profile on Facebook for a small plastic frog they named Freddi Staur, which is an anagram of "ID fraudster." Divulging only a small amount of information about himself, "Freddi" sent out 200 requests to a wide variety of other Facebook users, asking them to join the frog's friend list.

Of the 200 people contacted, 87 responded and agreed to be friends -- despite the fact that Freddi wasn't even a real, live person. O'Brien noted that 82% of them gave "Freddi" an open view of their profiles, listing enough personal information that an identity thief could easily take advantage of them. He added that 72% divulged at least one of their e-mail addresses, 84% gave up their date of birth, and 87% offered details about where they went to school and where they work.

Sophos also reported that 78% gave their current address.

"It's extremely alarming how easy it was to get users to accept Freddi," said O'Brien. "While it's unlikely this will result directly in theft, it provides many of the essential elements needed to gain access to people's personal accounts. Additionally, it reveals specific user interests, enabling hackers to design targeted malware or phishing e-mails that they know the user is more likely to open."

He added that social networking has become a modern reality, so people need to learn how to protect themselves while they're on sites like Facebook, MySpace, and LinkedIn.

"Collecting 'friends' is encouraged by social networking and business networking sites," added O'Brien. "It's a status thing to see how many friends or contacts you can rack up... This was intended to demonstrate to the average user that they need to exercise a lot of caution. The Web is a doorway and it shouldn't be constantly open."