Facebook users fall for rubber duck's friend request
People still haven't learned that social sites are criminal gold mines, says security firm
Computerworld - Facebook users haven't learned to keep their personal information private, a security researcher said today after his company conducted a test that sent randomly selected people a friend request from bogus accounts.
One of the account profiles sported only an image of a yellow rubber duck, while the other was represented by a pair of cats.
The test conducted by Sophos was similar to one the firm did two years ago, said Graham Cluley, a senior technical consultant at the U.K.-based security vendor. In the 2007 test, 41% of the Facebook users who received the request from "Freddi Staur," represented on Facebook by a toy frog, divulged personal information, such as their e-mail address, date of birth and phone number, to the stranger.
In 2009, up to 46% of the people pinged from a pair of made-up accounts -- one allegedly a 21-year-old single woman, the second a 56-year-old married woman -- responded to the friend request. A majority of those who responded gave away their full date of birth and their e-mail address.
"It looks a little bit worse now than before," said Cluley, referring to the numbers of Facebook users willing to part with personal information. "It was staggering, actually."
The two separate requests -- each aimed at 100 randomly chosen contacts in the two fake users' age groups -- also illustrated the difference between younger and older users on Facebook. Although the 50-something crowd responding to the request from "Dinette Stonily" were less likely to give out a fully fleshed date of birth, they were three times more apt to hand out their phone number.
Relatively few people in either group -- just 4% of the group replying to 21-year-old "Daisy Feletin," and 6% of the older users -- gave out their full street address, however.
The "Daisy Feletin" profile used an image of a toy duck as the account holder's photograph.
People just don't seem to get it, Cluley said, no matter how many times they're warned that identity thieves and other criminals troll social networking services like Facebook for useful information. "Sometimes it seems that we're in a classroom, and all the students are donkeys," Cluley bemoaned.
"Ten years ago, it would have taken a con artist weeks, maybe with the help of a private investigator, to come up with this kind of information. Or diving in garbage bins," said Cluley.
Now, however, people see services like Facebook as entertainment. "They think they have nothing to lose, giving out information, but you have a lot to lose," Cluley warned. "People have to remember that the Internet is, to some extent, public. Criminals essentially have a one-in-two chance of getting information without even trying."