Facebook has over 350 million active users and a reported 700,000 new people joining the social networking website every day. But how carefully do Facebook users consider their online privacy?
In a recent study, we found that:
- 46% of Facebook users accepted friend requests from strangers
- 89% of users in their 20s divulged their full birthday
- Nearly 100% of users posted their email address
- Between 30% and 40% of users listed data about their family and friends
Identity thieves can use this information to commit crimes against individuals and their companies. Read our tips for better security on Facebook to secure your personal data and avoid identity theft.
The danger of Facebook identity theft
In late 2009, Sophos conducted an experiment to see how easy it can be to steal vital personal data from Facebook users. By creating two fake Facebook accounts and randomly friending users, we found that 46% of users accepted our friend requests, giving us access to a wealth of information.
Of the friended users in their 20s, 89% divulged their full birthdate on their profile. Almost all users posted their email address, and about half listed their town of residence. In the hands of an identity thief, this valuable information can be easily exploited.
Sophos conducted this experiment to determine if Facebook users had become more privacy-savvy in the two years since our first Facebook experiment in 2007. At that time, 41% of users divulged their sensitive personal information to a complete stranger. Our fake Facebook accounts had access to information that can help criminals guess someone’s password or even impersonate them.
What can Facebook users do to protect themselves?
Facebook’s privacy features generally go far beyond those of many competing social networking sites, but many users simply aren’t choosing their privacy options carefully, or haven’t learned how to behave safely online. Our Facebook Best Practices on security can help you reduce the risk of having your identity stolen.
Facebook, employee productivity and your company
Home users are not the only ones at risk. Businesses and other organizations can be the victims of targeted attacks by cybercriminals who use stolen employee information to their advantage.
A Sophos poll revealed that 50% of employees are blocked from accessing Facebook at work, not just because of privacy concerns, but also due to fears that workplace productivity may be hit.
Companies are also concerned that employees may be writing material on Facebook, or publishing photographs and videos, which could cast their business in an embarrassing light.
Although sites like Facebook can be used for legitimate business purposes, we believe IT administrators should be given the power to decide whether access is appropriate for their company.
Introduction
ID fraudsters target Facebook and other social networking sites to harvest information about you. Here’s how we recommend you set your Facebook privacy options to protect against online identity theft.
How to adjust your settings
This guide walks you through some recommended privacy settings in Facebook, and shows you how to set more secure levels of privacy and reduce the chance of becoming a victim of online identity theft.
General security tips for Facebook
Adjust Facebook privacy settings to help protect your identity
Unlike some other social networking sites, Facebook has provided some powerful options to protect you online – but it’s up to you to use them!
Read the Facebook Guide to Privacy
At the very bottom of every page on Facebook, there’s a link that reads “Privacy.” The linked page is “A guide to privacy on Facebook,” which contains the latest privacy functions and policies. For example, with the latest changes in December 2009, Facebook discloses what it calls “Publicly available information.” This is information that is publicly viewable to anyone visiting your profile, and includes sensitive information like your name, current city and gender.
When in doubt, use the “How others see you” tool on Facebook’s privacy guide to check and make sure your privacy settings are properly set.
Think carefully about who you allow to become your friend
Once you have accepted someone as your friend, they will be able to access any information about you (including photographs) that you have marked as viewable by your friends. You can remove friends at any time should you change your mind about someone.
Show “limited friends” a cut-down version of your profile
If you wish, you can make people “limited friends” who only have access to a cut-down version of your profile. This can be useful if you have associates to whom you do not wish to give full friend status, or with whom you feel uncomfortable sharing personal information.
Disable options, then open them one by one
Think about how you want to use Facebook. If it’s only to keep in touch with people and be able to contact them, then maybe it’s better to turn off the bells and whistles. It makes a lot of sense to disable an option until you have decided you do want and need it, rather than starting with everything accessible.


















