Computer Security by Mark Stone

Facebook - identity thieves
by Contributed - Story: 33746
Sep 19, 2007 / 6:00 am

Facebook Easy Target for Identity Thieves

I’ll admit it: I’m somewhat of a Facebook junkie. Not an addict, but I confess to logging on at least once per day. For the uninitiated, Facebook is the latest trend in social networking sites. It’s similar to Myspace, but with a much cleaner interface and a far superior overall user experience. Facebook isn’t only for the younger generation either. A large proportion of new users are actually over thirty.

From a security perspective, Facebook is also a safer online environment than Myspace. It allows users to modify their privacy settings so that not all of their personal information can be seen by everyone. If you’re on Facebook and haven’t visited the Privacy page of your profile, I strongly suggest exploring the settings available. Simply click on ‘Privacy’ in the right-hand corner of the Facebook page and you can adjust accordingly.

Regardless of how picky you are as to who has access to your information, Facebook users are still far too giving with respect to personal data. Earlier this month, Sophos, an IT Security company, conducted a social experiment to discover how easy it would be for a prospective identity thief to gather enough information to effectively steal someone’s identity. The results were astounding. The Sophos experiment involved creating a fabricated Facebook profile before sending out “friend requests” to individuals chosen at random from across the globe. To conduct the experiment, Sophos set up a profile page for 'Freddi Staur' (a clever anagram of 'ID Fraudster'), a small green plastic frog (yes, really, a plastic frog) who divulged minimal personal information about himself. Researchers then sent out 200 friend requests to observe how many people would respond, and how much personal information could be gleaned from the respondents.

The results:
  • 87 of the 200 Facebook users contacted responded to Freddi, 82 of them leaking personal information (41% of those contacted)
  • 72% of respondents divulged one or more email addresses
  • 84% of respondents listed their full date of birth
  • 87% of respondents provided details about their education or workplace
  • 78% of respondents listed their current address or location
  • 23% of respondents listed their current phone number
  • 26% of respondents provided their instant messaging screen name


In almost all cases, Freddi was able to gain access to respondents' photos of family and friends, information about likes/dislikes, hobbies, employer details and other personal facts. Many users also disclosed the names of their spouses/partners, several included their complete résumés, and one user even divulged his mother's maiden name (big no-no).

As bad as these numbers seem, I was actually surprised that even more people didn’t accept the frog’s request for friendship. Perhaps I’m somewhat cynical, but from my own experience, I find most Internet users in general far too accommodating when it comes to providing information. This past week I’ve asked a number of friends how they would respond to “friend requests” from an attractive member of the opposite sex; most would accept the request even if they didn’t know the person. Remember, as soon as someone is your friend, depending on your privacy settings, they can see all sorts of information about you.

According to Frank Abagnale, author of Stealing Your Life (highly recommended reading), identity thieves only need a few pieces of information about you to facilitate the acquisition of your Social Insurance Number (Social Security Number in the States). Once they have your SIN, obtaining credit in your name is much easier than you think. Your birthday, phone number and address may be all they need. As soon as I read that, I immediately removed my birthday from my Facebook profile. My advice is to limit the information you place on your profile—even to friends. At least that’s a good start.




About the author...

Mark Stone is an information security consultant for his company, Triad Security Consulting. He has been in the Information Security industry for 8 years and in Information Technology for over 20 years. He is a Certified Information Systems Security Professional (CISSP), and is a strong advocate for promoting computer security awareness and policy in organizations.

Mark's first novel, Behind The Screen: Hacking Hollywood, is now available online. See also http://www.markstonebooks.com

Mark can be reached at 250-864-2294 or email mark@triadsecurityconsulting.com

Visit Mark's web site at: www.triadsecurityconsulting.com





The views expressed are strictly those of the author and not necessarily those of Castanet. Castanet presents its columns "as is" and does not warrant the contents.



© 2010 Castanet.net