Technology firm Sophos set up a profile page on Facebook with a picture of a green frog called Freddi Staur – an anagram of I.D. fraudster. Sophos then sent 200 “friend requests” to Facebook users from the frog. It got reactions from 87 people, of whom 82 gave away some of their personal information.
Of the 41% of respondents who leaked personal details, 87% gave their education or workplace, 84% listed their dates of birth and 72% gave one or more email addresses. Nearly a quarter (23%) even listed their phone numbers, Sophos found.
Facebook users can either accept or reject incoming “friend requests”. Users can also choose whether to let the sender see all their details or a limited part of their profile.
In most cases “Freddi” had access to the respondents’ photos of family and friends, likes and dislikes, hobbies, and other personal information.
Sophos senior technology consultant, Graham Cluley, warned: “What’s worrying is how easy it was for Freddi to go about his business. He now has enough information to create phishing emails or malware specifically targeted at individual users or businesses, to guess users’ passwords, impersonate them or even stalk them.”
Some of the respondents who did not accept Freddi’s friend request replied with messages such as “Who are you?” and “Do I know you?”. Even these brief replies gave Freddi access to the respondents’ Facebook profiles in most cases.
Sophos praised Facebook’s privacy settings, saying they were better than many of those offered by other social networking sites. The firm urged users to make full use of Facebook’s privacy features and to be wary of unsolicited messages received via the website.