Could a rubber duck steal your identity on Facebook?

Two years ago, I took a small plastic frog given to me by my nephew, and used it to demonstrate how easy it was to extract personal information from complete strangers on Facebook.

Now, Sophos’s Australian office has conducted the experiment again – and this time they found an even higher proportion of people were prepared to risk having their identity stolen.

With a $2 rubber duck they named Daisy Felettin, they created the profile of a 21-year-old single woman and sent out 50 friend requests to randomly-chosen strangers in the same age group.

With a picture of two cats on a rug they created 50-something housewife Dinette Stonily, and – again – sent out 50 friend requests to strangers in “her” age range.

The results are, quite frankly, disturbing…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.