http://www.dailytelegraph.com.au/news/facebook-users-sitting-ducks-for-identity-theft/story-e6freuy9-1225807133897USERS of networking site Facebook are sitting ducks for internet criminals looking to steal their identities.
In research commissioned by The Daily Telegraph, which has shocked even top fraud squad police, almost half of users in their 20s agreed to a request from a rubber duck to be Facebook "friends".
A similar result occurred with a group of internet users in their 50s, with many agreeing to be Facebook friends with a photo of two cats.
Many of the Facebook users in both age groups volunteered some of their most intimate details to both the rubber duck and the cats, including their full date of birth, workplace, email address and location. Some even volunteered full addresses and phone numbers without prompting.
The study was conducted by leading internet security firm Sophos.
It has raised serious questions about the wisdom of average internet users, given the friend requests were sent without any introduction.
One of the world's top experts on cyber-crime, Superintendent Brian Hay of the Queensland Fraud Squad, said the results were "frightening".
"Some people have surrendered almost all the information a criminal needs as the foundation to represent those people and take out financial instruments in their name," he said.
"It shows scammers don't have to work very hard to find their victims."
The rubber duck posed under the bogus name Daisy Feletin, an anagram of "False Identity". Sophos asked 100 Facebook users in their 20s to be the duck's friend.
More than 46 per cent who were sent requests agreed to be friends with Daisy within two weeks.
Of those who accepted Daisy as a friend, 98 per cent gave either a full or partial date of birth to the duck. All provided a full email address.
Most alarmingly, 4 per cent even gave their full address and 7 per cent gave phone numbers. Other details given included photographs, the names of spouses/siblings/relatives/friends, job and education histories and social interests.
Even those in their 50s gave out far too much information to the cats dubbed Dinette Stonily (anagram of Stolen Identity). Of the 41 per cent who accepted "friend" requests in the Sophos study, 92 per cent gave a full or partial date of birth, 88 per cent gave an email address and 22 per cent gave a place of work or study.
Older people were also more willing than younger people to give out their full address and phone information - 22 per cent provided a personal phone number.
Sophos boss Paul Ducklin said Facebook users were also compromising family and friends: "People should assume that you can never permanently remove details."
Mr Ducklin said he was surprised people were so ready to volunteer such information with so little prompting from an anonymous toy.
"It's clearly not a person. Why would you trust a toy from a $2 shop?" he said.
Supt Hay said protecting identity was more imperative than ever, with the harvesting of personal information the starting point for serious crimes such as mortgage fraud.
"We know criminals are out there targeting Facebook. Throw into the mix that people are giving away too much about themselves and you've got a real problem," he said.
"The risk that people are prepared to endure for social interaction could potentially spoil lives.
"If your identity is stolen, you have to continually prove yourself. The stress can break up marriages and lead to serious health problems."