Facebook users fall for rubber duck's friend request
People still haven't learned that social sites are criminal gold mines, says security firm
Computerworld - Facebook users haven't learned to keep their personal information private, a security researcher said today after his company conducted a test that sent randomly-selected people a friend request from bogus accounts.
One of the account profiles sported only an image of a yellow rubber duck, while the other was represented by a pair of cats.
The test conducted by Sophos was similar to one the firm did two years ago, said Graham Cluley, a senior technical consultant at the U.K.-based security vendor. In the 2007 test, 41% of the Facebook users who received the request from "Freddi Staur," represented on Facebook by a toy frog, divulged personal information, such as their e-mail address, date of birth and phone number to the stranger.
In 2009, up to 46% of the people pinged from a pair of made-up accounts -- one allegedly a 21-year-old single woman, the second a 56-year-old married woman -- responded to the friend request. A majority of those who responded gave away their full date of birth and their e-mail address.
"It looks a little bit worse now than before," said Cluley, referring to the numbers of Facebook users willing to part with personal information. "It was staggering, actually."
The two separate requests -- each aimed at 100 randomly-chosen contacts in the two fake users' age groups -- also illustrated the difference between younger and older users on Facebook. Although the 50-something crowd responding to the request from "Dinette Stonily" were less likely to give out a fully-fleshed date of birth, they were three times more apt to hand out their phone number.
Relatively few people in either group -- just 4% of the group replying to 21-year-old "Daisy Feletin," and 6% of the older users -- gave out their full street address, however.
The "Daisy Feletin" profile used an image of a toy duck as the account holder's photograph.
People just don't seem to get it, Cluley said, no matter how many times they're warned that identity thieves and other criminals troll social networking services like Facebook for useful information. "Sometimes it seems that we're in a classroom, and all the students are donkeys," Cluley bemoaned.
"Ten years ago, it would have taken a con artist weeks, maybe with the help of a private investigator, to come up with this kind of information. Or diving in garbage bins," said Cluley.
Now, however, people see services like Facebook as entertainment. "They think they have nothing to lose, giving out information, but you have a lot to lose," Cluley warned. "People have to remember that the Internet is, to some extent, public. Criminals essentially have a one-in-two chance of getting information without even trying."
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts