Sunday, August 19, 2007

Undiscriminating Facebook users at risk

I've blogged before about Facebook. I like the service and I especially like the privacy controls they've built into the system. Users control how much information they make available, either to strangers or friends. Most users who give any thought to privacy lock down what information is made available to the world at large and only let chosen "friends" have access to the piles of pesonal information that most users put online.

The distinction in Facebook is always between "friends" and others. But the user's only defence is carefully choosing who is let into that select group.

Unfortunately, more than four in ten users will let anyone (including a frog) be their friend. Sophos did a recent study, setting up a fake profile of a frog and sent out 200 friend requests. More than forty percent of the requests were accepted, allowing those who created the frog profile to see their personal information. (See: Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves.)

"So what?" you might ask. Many Facebook users' profiles contain:

  • Full name
  • Home address
  • Full date of birth
  • Phone number
  • Information on relatives
  • Information on friends
  • Work information

If I know your address, your full name, your employer and your date of birth, that's enough to fill out a credit card application in your name. (Not that I would!)

Promiscuous, undiscriminating Facebook users beware!

Thanks for the link: B.L. Ochman's weblog: Internet marketing strategy, social media trends, news and commentary.: Would You "Friend" a Fake Frog on Facebook? Four in 10 Did.

No comments: