Accepting Strangers’ “Friend” Requests

Two years ago, the folks over at the Internet security company Sophos created a Facebook profile for a fictional character, Freddi Staur (that’s “ID fraudster,” if you’re inclined to rearrange the letters). Judging from appearances, you’d probably find Freddi to be pretty cute and charming, in that little-green-plastic-frog-from-London kind of way.  But would you trust him? Sophos had created the character to test a proposition among British social networkers: what percentage of people would respond to the Freddi’s “friend” requests? And how much personal info would they divulge?

Quite a bit, it turned out. Eighty-seven of 200 users contacted responded to Freddi’s solicitation, while 82 of them leaked some sort of personal information. Of those sharing sensitive data, 84% divulged a full date of birth, 87% provided details about workplace or education, and 78% listed a current address or location. While none of this information is on its own enough to commit major identity-related crimes (create new credit or financial accounts or taking over existing ones), this cavalier sharing of information was nonetheless troubling. Every little bit of information, after all, can be useful to identity fraudsters.


So little has changed. Reprising its earlier experiment in Australia, which Sophos expected to fare better than Sophos sent 100 friend requests a piece from the invented accounts of a 21-year-old single woman “Daisy Feletin,” represented by a toy rubber duck, and 56-year-old Dinette Stonily, a married woman whose profile picture was two cats lying on a rug (we’ll leave it to you to figure out those anagrams). Ninety-five of those solicited accepted the offer. Eight-nine percent of the respondents to Daisy Feletin shared their date of birth; 74 percent shared their college or workplace.

You can read more about Sophos’s findings here. And if you haven’t heard the much-publicized warnings about social networking over-sharing, it’s worth pointing them out once again: If you’re going to maintain an online presence on Facebook or any similar site, it’s best not to publicize full birth date information (Social security numbers and financial information should go without saying). Think through your privacy settings, be careful about who you become friends with online, and never divulge sensitive personal data electronically via e-mail or text messaging. Hackers have been known to get into accounts and pose as trusted individuals.