The old adage goes that people love to talk about themselves, and nowhere is this more evident than on the popular Web 2.0 sites such as Facebook, Flickr, Twitter and MySpace. All of a sudden you have the ability to follow strangers’ everyday moves, see in great detail where they have been, and read all about it as they pen their memories on their blogs.
The concept is not a new one, though. As a kid I remember reading about people from distant countries looking for pen pals in our local magazines, to write them and share stories about your specific part of the world. I guess the internet has enabled pen pals to fast-track the process and share tons more info in a few keystrokes and mouse clicks than the measly few photos and words you could send in an envelope across the continental divide in a matter of weeks.
People seem to trust their online pen pals rather naively as well. In a recent study a software security firm set up a Facebook profile and sent out 200 random friend requests, to see how many people would respond, and how much identity information people were willing to share.
Just less than half the requests responded, with the majority willingly giving their email addresses, complete date of birth, education or workplace details as well their current addresses. A notable minority also gave out their phone numbers and instant-messaging screen names.
Clearly this is enough information for a person intending to commit identity fraud, and with a bit of social engineering one should be able to extract even more information to fake an identity successfully to the point where one can successfully commit fraud.
Fortunately social sites are evolving technologically along with the threats, and they realise the value of their user base and the protection and security that their users require to continue to use their sites. Have a decent browse around the site the next time before you enter your info, a bit of common sense might just go a long way to preventing some really nasty surprises down the line.