Facebook Graph Search is the best tool for phishing attacks

Facebook shocked the world by unveiling its new Graph Search. Where users are waiting to test the new search features, the hackers are anxiously waiting to test their skills to hunt some Facebook accounts.  


Facebook’s Graph Search is basically a search engine which will work within the network, finding results based on posts, tags, friends, families and uncountable Facebook members. 

Its an undeniable fact that this new Graph search engine is a genius concept and very useful medium of search based on your friends and their interest. For example, your friends who like Miami Vice and living in Miami or your friend’s Favorite coffee shop nearby. 

Yet, Graph search will also act as a heaven for the attackers as Andrew Storms, director of security operations for nCircle, says:

The new Facebook Graph Search is a phishers’ dream come true. It takes the micro-targeting capabilities that have been available to online advertisers for years and puts them into the hands of cyber criminals.

Just like Google hacking, where the endless useful information can be found, vulnerable servers, social engineering tool, sensitive data, files containing passwords, juicy information, web server directories, hence the endless help for hackers can be found on Google. 

Facebook Graph Search is adding more juice to it by providing same service as Google but with more personal context. 

 CORE Security‘s security strategist Alex Horan explains the upcoming headache for the Facebook users: 

This means Facebook will want it to have as much information available as possible to respond to each query, ensuring people have a positive experience. This directly goes against the desire expressed by people to keep their information private.

By using Graph search, the attacker will be able to gain more personal and up to date information on the victim by matching their current info with the one available in past. 

Richard Wang, manager at Sophos Labs, says that:

Graph Search might be a startling eye-opener for many. This will probably lead more users to discovering that they have shared more than they expected and gives scammers the opportunity to target particular groups of people.

Robert Scoble praised the privacy model behind the tool. Scoble explains:

“You can only see items shared to public or shared with you specifically due to your friend arrangements.”

PC World reports that That is true, and Facebook deserves credit for building in privacy controls. Unfortunately, many of the billion-ish Facebook users aren’t aware of, or don’t properly use the security and privacy controls—so everything they post on the social network will be easily discoverable by cyber criminals.

Horan clarifies, “From a hacker’s perspective, the data was already there and subject to target an attack, but this new feature makes it easier for attackers to collect similar targets for a more customized attack.”

“If you thought the level of spam and phishing scams on Facebook couldn’t possibly get worse, I have bad news for you. We ain’t seen nuthin’ yet,” warns Storms.

Related Posts