Facebook users share data with frog

Freddi Staur

In fairy tales, pretty girls will kiss a frog; in the online world, they might divulge enough personal information to a frog to leave themselves vulnerable to identity theft.

Sophos, a Boston firm focused on information-technology security, decided to see how easy it was to get users of the social networking website facebook.com to divulge personal data; to conduct that experiment, Sophos said it fabricated a Facebook profile page for a small green plastic frog called Freddi Staur, the name being an anagram for "ID Fraudster."

Sophos said that it then sent out 200 friend requests to observe how people would respond to the faux frog and how much personal information could be gleaned from respondents.

According to Sophos, 41 percent of users divulged personal information such as an e-mail address, a date of birth, and a phone number to a complete stranger, greatly increasing their susceptability to identity theft.

"It's extremely alarming how easy it was to get users to accept Freddi," Sophos senior security analyst Ron O'Brien said in a statement. "Eighty-seven users accepted Freddi, and of those, 82 provided their personal information in the process."

In addition to its experiment, Sophos said it has published a best-practice user guide for "behaving securely on Facebook."
(By Chris Reidy, Globe staff)