Meet Sarah K. Noonan: She's attractive. She's 27. She lives in Miami and is in a complicated relationship. She's a Democrat with more than 480 friends on Facebook.

And she doesn't exist.

Sarah K. Noonan was a fake account on Facebook that duped 48 friends in my network who added her as a friend. Dozens of her "friends" have told me they added her because they assumed they had met the smoky-eyed, dark-haired girl somewhere. And they trusted her because they had friends in common with the phony account.

Her profile was created in February as a marketing experiment by the Canadian advertising agency RPCGROUP, and had been friending an average of 20 people a day for the past few weeks. It was removed from Facebook recently after the agency's chief executive, Rod Ponce, was interviewed about the account.

Ponce said a group of RPCGROUP interns created the Noonan account to explore what makes a trendsetter and how users react to different types of posts. He stressed it was not used in a commercial way to promote anything and has apologized for any confusion this may have caused.

"We don't want to offend anybody," Ponce said. "It's really to see how people socialized."

In fact, it was so easy for Noonan to get friends, Ponce said it freaked out one of his interns who unfriended anyone he didn't know on his profile. Between 30 to 40 percent of the people Noonan friended accepted the request.

"You accept people, and sometimes you don't really know why you're accepting people," Ponce said.

Ponce hopes this helps shed light on the value of paying for advertising on Facebook.

"At the end of the day, is it really an effective tool for our clients or is it just a lot of smoke and mirrors?" Ponce asked. "It's about opening up a major can of worms with Facebook and saying, 'How many of your people are real?' Is it really fair to those that pay for cost-per-impression?"

RPCGROUP's experiment might have been intended as innocent marketing research, but more than 480 people just gave a false account access to their information by adding her as a friend.

Moments like this reveal that we can be too trusting of a simple profile with a pretty face. Luckily for these people, Noonan wasn't a cyber criminal.

Using a fake name or operating under a false identity is a violation of Facebook's policy. The site also has systems in place to flag or block potential fake accounts, according to Facebook spokesman Simon Axten.

But Facebook didn't catch "Noonan" -- and neither did more than 480 people. When you consider how "she" operated, it's easy to see why.

Account red flags

Noonan sent a friend request to practically everyone in the Miami Herald's Business section Facebook page with the message: "Hi, I came across your profile in the Miami Herald Business section page. I am currently expanding my network base and wanted to reach out and say hi."

Sweet girl sending out a sweet message. What fake account would do that? But the account didn't respond to follow-up messages. Red flag No. 1.

A closer look at her profile raised more eyebrows. Noonan never made a status update or shared a link from the Facebook website. She posted via a paid application used by marketers called Sendible, but a Facebook application was created to disguise the Sendible feature, calling itself "Mobile Phone." So all her time stamps ended with "via Mobile Phone." You wouldn't know something was weird unless you clicked on those words.

The third red flag: Not one post on "Sarah's" wall was from a friend, nor did the account ever interact with friends. The posts were meaningless -- such as a music clip from YouTube, a link to a story from another publication or innocuous thought. ("Long day ... calling it a night.")

Cyber criminals and spammers typically won't waste their time putting that much effort into a profile. Kevin Haley, director at Symantec Security Response, said the bad guys usually "hit and run" on Facebook by breaking into a real account, spreading malicious links and spam until they get caught. It's not profitable to waste time building a fake account and adding friends.

Haley wrote about "The Ghosts of Facebook" last week when a fake account posing as a Jacksonville University student got 562 friends without even trying to look as real as Noonan did.

Dave Marcus, director of security research at McAfee, said McAfee partners with Facebook's security team. He's found that as long as there's some friend in common, people will trust and accept a friendship.

"It's amazing how many people 'friend' something," Marcus said. "It's that transient trust thing."

As in the "real" world, it's wise to check someone out before you add them as a friend. Do a quick Google search on their name. Or send a nice message asking how they know you or where you met.

It's your profile -- protect it. Facebook can block outsiders from seeing your stuff, but it can't stop the people you let in.