Rubber Ducky Could Steal Your Identity, Sophos Warns
Sophos is once again drawing attention to the fact that internet users are not properly protecting their identity. Back in October Sophos went to the streets and asked people to share their private information – they asked people to give their full name, birth date and email address. All but one interviewed person refused to give Sophos personable, identifiable information. All the other people were more than happy to give a complete stranger information that could lead to identity theft (see here).
“We took the unusual step of acting like identity thieves by using a video camera to find out what people thought of identity theft. We were mortified by how many people were prepared to share their personal information with complete strangers,” commented at the time Senior Technology Consultant with Sophos, Graham Cluley.
That was then, this is now. So how is the company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions drawing attention to the fact that computer users do not protect their identity. Sophos bought a $2 rubber duck, took a picture of it and then set up a Facebook account.
The account, which used the image of the rubber duck, lead other Facebook users to believe it is the account of a 21-year-old single woman called Daisy Felettin (an anagram for false identity). Sophos then sent out 50 friend requests to randomly-chosen strangers in the same age group.
How did it all end up? As it turns out, 46 of the users who received the invitation were more than happy to become friends with Daisy the rubber duck. 89% of Daisy’s new friends revealed their full date of birth; 100% revealed their email address and other personal info which could be used for ID theft.
“Ten years ago it would have taken several weeks for con artists and identity thieves to gather this kind of information about a single person. Social networks have made it easier for the bad guys to scoop up information about innocent members of the public. Everyone must learn to be more careful about how they share information online, or risk becoming the victims of identity thieves,” commented Graham Cluley.
Additional info on Daisy Felettin and Sophos’ experiment are available here.
“We took the unusual step of acting like identity thieves by using a video camera to find out what people thought of identity theft. We were mortified by how many people were prepared to share their personal information with complete strangers,” commented at the time Senior Technology Consultant with Sophos, Graham Cluley.
That was then, this is now. So how is the company that specializes in providing antivirus, anti-spam, spyware removal software, network and internet security, data protection, and computer security solutions drawing attention to the fact that computer users do not protect their identity. Sophos bought a $2 rubber duck, took a picture of it and then set up a Facebook account.
The account, which used the image of the rubber duck, lead other Facebook users to believe it is the account of a 21-year-old single woman called Daisy Felettin (an anagram for false identity). Sophos then sent out 50 friend requests to randomly-chosen strangers in the same age group.
How did it all end up? As it turns out, 46 of the users who received the invitation were more than happy to become friends with Daisy the rubber duck. 89% of Daisy’s new friends revealed their full date of birth; 100% revealed their email address and other personal info which could be used for ID theft.
“Ten years ago it would have taken several weeks for con artists and identity thieves to gather this kind of information about a single person. Social networks have made it easier for the bad guys to scoop up information about innocent members of the public. Everyone must learn to be more careful about how they share information online, or risk becoming the victims of identity thieves,” commented Graham Cluley.
Additional info on Daisy Felettin and Sophos’ experiment are available here.
