With the help of two fictional women, Sophos UK has discovered that despite years of education and public exhortations for users to protect their personal information on Facebook, many users on the social networking site are still open to befriending complete strangers.
The company used a fake person named Freddi Staur in a study in England back in 2007 and found that 43 percent of users in a probe accepted the green plastic frog’s invitation for a Facebook friendship.
“That was in 2007, and in England. What about 2009, in Australia?” asks Paul Ducklin, head of technology in Asia Pacific for Sophos, in a blog post.
“With an additional two years' worth of well-publicised warnings from security companies, the media, the cops and from Facebook itself, and with Aussies generally backing themselves to be better at almost everything than the English, surely things would show an improvement?”
The answer is disappointing.
Sophos created two phony Aussie ladies named Daisy Feletin (21, single) and Dinette Stonily (56, married). Each user sent out 100 random friend requests to users in their respective age groups and waited two weeks to see what the response would be.
For Daisy, the 21-year-old single lady, 46 percent of the randomly selected users accepted her friend request, giving her a total of 46 friends gained during the two-week observation.
Of this group, 89 percent shared their full date of birth and 100 percent shared their e-mail addresses on their profiles. Seventy-four percent shared their college or workplace, 50 percent shared their town or suburb and 46 percent shared their family and friend data.
Just 4 percent shared their full address, 7 percent shared their phone number and 13 percent shared their IM screen name. These 46 friends had an average of 220 friends on Facebook.
For Dinette, the 56-year-old married lady, 41 percent of the users accepted her friend request. However, she ended up with 49 total friends thanks to eight Facebook users adding her as a friend on their own, explaining why these older friends had an average of 932 friends on Facebook, according to Ducklin.
Of this group, 57 percent shared their full date of birth (35 percent shared their partial date of birth) and 88 percent shared their e-mail addresses. Twenty-two percent shared their college or workplace, 43 percent shared their town or suburb and 31 percent shared their family and friend data.
Six percent of this older crowd shared their full address, but 23 percent shared their phone number and 18 percent shared their IM screen name.
The richness of the data gleaned from these users by way of these fake Facebook accounts is worrying because of the starting points from which ill-willed scammers can launch their malicious schemes.
“Ten years ago, getting access to this sort of detail would probably have taken a con-artist or an identify thief several weeks, and have required the on-the-spot services of a private investigator. Sadly, these days, many social networkers are handing over their life story on a plate,” wrote Ducklin.
Sources:
http://www.sophos.com/blogs/duck/g/2009/12/06/facebook-id-probe-2009/
http://news.cnet.com/8301-17939_109-10410257-2.html?tag=newsEditorsPicksArea.0
Digg 
