
Sophos warns of Facebook 'Rubber Duck' identity theft

07 December 2009

How easy is it to steal an identity on Facebook, the popular social networking portal? Very, as Sophos Asia-Pacific discovered recently when it carried out the Facebook equivalent of a honeypot hacker trap.

For its identity theft tests, the IT security vendor said it created two falsely named accounts - using anagrams of the words "false identity" and "stolen identity".

21-year-old "Daisy Feletin" was represented by a picture of a toy rubber duck bought at a $2 shop, whilst 56-year-old "Dinette Stonily" posted a profile picture of two cats lying on a rug.

According to Sophos, each Facebook newbie then sent out 100 friend requests to randomly-chosen Facebook users in their age-group.

Within two weeks, a total of 95 strangers chose to become friends with Daisy or Dinette - an even higher response rate, Sophos said, than when it first performed the Facebook experiment two years ago with a plastic frog.

Perhaps worse, Infosecurity notes, eight Facebook users befriended 21-year-old Dinette without even being asked.

Paul Ducklin, Sophos' head of technology for the Asia-Pacific region, said that the 2009 results are something of a wake-up call, as the veteran IT security company had expected the responses to be lower this time.

"Our honeymoon period with social networking sites ought to be over by now - but many users still have a 'couldn't care less' attitude to their personal data", he said.

According to Ducklin, 89% of the 20-somethings and 57% of the 50-somethings who befriended Daisy and Dinette also gave away their full date-of-birth.

Nearly all the others suppressed their year of birth, but this, says Ducklin, is often easy to calculate or to guess from other information given out.

Even worse, just under half of the 20-ish crowd, and just under a third of the 50-ish crowd, gave away personal information about their friends and family.

"People aren't just handing over their own life story to criminals", warned Ducklin. "They're betraying people close to them, too, by helping those cybercrooks build up a detailed picture of their life and their milieu. This is an identity scammer's dream."

As a result of its findings, Sophos is calling on users of social networking sites to think much more strictly about what it means to accept someone as your friend.

"We're not trying to be killjoys", said Ducklin. "We just want you to be much more circumspect about whom you choose to trust online."

 

This article is featured in:
Identity and Access Management