• The Wall Street Journal, Tuesday, August 14, 2007 11 AM

Remember that cute someone you became fast Facebook friends with? Well, a new study says you should never underestimate a crook's capacity to upload fake photos and a fake profile to get a hold of your personal information. Sophos PLC says an astonishing 41% of Facebook users said they were willing to divulge phone numbers, email and home addresses to Facebook friends who were otherwise total strangers to them.

The Sophos study is more of a case study in that the research group created a fake Facebook profile, "Freddi Staur", and invited 200 random users to become a friend. For those who don't know, becoming a Facebook friend usually requires giving up some piece of personal information, depending on a user's privacy settings, which he or she is responsible for setting--though the report says that just 20% of Facebook users have changed their privacy settings from the default.

Out of 200 friend requests, 82 accepted the invite. 72% gave up an email address, 78% showed a current address or hometown and 23% a phone number. As Sophos security analyst Ron O'Brien says, users could be spammed or defrauded using that info; it could also be used to get at more sensitive personal information. In response, Chris Kelly, Facebook's chief privacy officer, said the site tracks unusual behavior like mass friend requests and deletes accounts from spammers or other fraudsters. Just not in this instance.

Read the whole story at The Wall Street Journal »