Two years ago, I took a small plastic frog given to me by my nephew, and used it to demonstrate how easy it was to extract personal information from complete strangers on Facebook.
Now, Sophos’s Australian office has conducted the experiment again – and this time they found an even higher proportion of people were prepared to risk having their identity stolen.
With a $2 rubber duck they named Daisy Felettin, they created the profile of a 21-year-old single woman and sent out 50 friend requests to randomly-chosen strangers in the same age group.
With a picture of two cats on a rug they created 50-something housewife Dinette Stonily, and – again – sent out 50 friend requests to strangers in “her” age range.
The results are, quite frankly, disturbing.
(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)
Paul Ducklin (yes, that really is his name..), Sophos’s head of technology in Asia Pacific, who oversaw the investigation, discovered that 46% of users approached were happy to become friends and revealed personal information to Daisy the rubber duck – despite having no clue who she was.
In fact, 89% of Daisy’s new friends had published their full date of birth, 100% had revealed their email address, alongside other personal information which could be a boon to identity thieves and spammers.
Dinette’s newly found friends, however, were of an older demographic and were typically less willing to share their full date of birth (although in many cases it could still be derived from other information they provided), but an astonishing 23% were willing to offer their phone number. Additionally, an eyebrow must be raised as to why this older age group claimed to have 932 Facebook friends on average (the younger crowd had 220). How is it possible to ever call that many people “friends”?
Ten years ago it would have taken several weeks for con artists and identity thieves to gather this kind of information about a single person. Social networks have made it easier for the bad guys to scoop up information about innocent members of the public. Everyone must learn to be more careful about how they share information online, or risk becoming the victims of identity thieves.