Sophos Research Highlights Dangers of Irresponsible Behavior on Social
BOSTON, August 14 /CNW/ - Sophos, a world leader in IT security and
control, is warning social networking users of the dangers of allowing
strangers to gain access to their online profiles, following new research into
the risks of identity and information theft occurring through Facebook.
Compiled from a random snapshot of Facebook users, Sophos's research shows
that 41 percent of users, more than two in five, will divulge personal
information - such as email address, date of birth and phone number - to a
complete stranger, greatly increasing their susceptibility to ID theft. To
coincide with the research, Sophos has also published a best-practice user
guide for behaving securely on Facebook, which reportedly signs up 100,000 new
users every day.
The Sophos Facebook ID Probe involved creating a fabricated Facebook
profile before sending out friend requests(*) to individuals chosen at random
from across the globe. To conduct the experiment, Sophos set up a profile page
for 'Freddi Staur' (an anagram of 'ID Fraudster'), a small green plastic frog
who divulged minimal personal information about himself. Sophos then sent out
200 friend requests to observe how many people would respond and how much
personal information could be gleaned from the respondents.
"It's extremely alarming how easy it was to get users to accept Freddi.
Eighty-seven users accepted Freddi, and of those, 82 provided their personal
information in the process," said Ron O'Brien, senior security analyst at
Boston-based Sophos. "While it's unlikely this will result directly in theft,
it provides many of the essential elements needed to gain access to people's
personal accounts. Additionally, it reveals specific user interests, enabling
hackers to design targeted malware or phishing emails that they know the user
is more likely to open."
An image of Freddi Staur can be found at:
The full results of the Sophos Facebook ID Probe follow:
-- 87 (hereafter referred to as "respondents") of the 200 Facebook users
contacted responded to Freddi, with 82 leaking personal information (41
percent of those approached)
-- 72 percent of respondents divulged one or more email addresses
-- 84 percent of respondents listed their full date of birth
-- 87 percent of respondents provided details about their education or
-- 78 percent of respondents listed their current address or location
-- 23 percent of respondents listed their current phone number
-- 26 percent of respondents provided their instant messaging screen
In the majority of cases, Freddi was able to gain access to respondents'
photos of family and friends, information about likes and dislikes, hobbies,
employer details and other personal facts.
Many users also disclosed the names of their spouses or partners, several
included their complete resumes, and one user even divulged his mother's
maiden name - information often requested by websites in order to retrieve
account details.
"Facebook's privacy features are far more advanced than competing social
networking sites; however, there is still a human factor that must be taken into
account. Most people wouldn't give out their personal information to a
stranger on the street, but online in the context of a friend request, they
had no problem doing so, which can have significant ramifications for the
individual," O'Brien continued. "Further, it is also important for businesses
to recognize the potential threat if these sites are utilized in the
workplace. They can put significant strain on the network and can also expose
confidential corporate data to malicious outsiders."
In addition to the successful friend requests, a number of users
unwittingly enabled Freddi to gain access to their profile information simply
by sending response messages such as "Who are you?" and "Do I know you?" back
to his Facebook inbox. Sophos experts note that users' profiles can be
protected from such exposure by adjusting the privacy controls within their
Facebook account settings.
Sophos also conducted a test in which it poked(xx) another 100 random
Facebook users to see if this form of communication would elicit the same
response and encourage people to let Freddi access their details. However,
just eight people responded, with only five revealing personal information.
Very few wanted to engage in this form of casual correspondence, suggesting
that, true to the site's ethos, Facebook users are primarily interested in
commitment and friendship.
Sophos's user guide for behaving securely on Facebook is available at:
To listen to the latest Sophos podcast, which discusses the potential
risks posed by social networking websites, please visit:
(*)Facebook users can either accept or reject incoming friend requests. If
accepted, they allow the sender to gain access to their Facebook profile.
Users can also choose whether to allow the sender to see all of their details
or restrict them to viewing a limited section of their profile.
(xx)"Poking" is a way for Facebook users to interact with one another.
According to the Facebook website, it is a feature designed "without any
specific purpose." When a user is poked, an icon appears on their Facebook
homepage, with the option to 'remove poke' or 'poke back.' By choosing to poke
back, the user allows the initial sender to view their profile information for
the next seven days. Further information can be found at:
Sophos is a world leader in IT security and control. Sophos offers
complete protection and control to business, education and government
organizations - defending against known and unknown malware, spyware,
intrusions, unwanted applications, spam, policy abuse and uncontrolled network
access (NAC). Sophos's reliably engineered, easy-to-operate products protect
more than 100 million users in more than 150 countries and are procured
exclusively through channel partners. Through over 20 years' experience and a
global network of threat analysis centers, the company responds rapidly to
emerging threats and achieves the highest levels of customer satisfaction in
the industry. Sophos is a global company with headquarters in Boston, MA, and
Oxford, UK. For more information on Sophos, visit www.sophos.com.
For further information: Racepoint Group Heather Ailara, 781-487-4650
firstname.lastname@example.org or Sophos Jennifer Torode, 781-494-5885