Facebook has announced new changes to the way Graph Search discovers information, including the fact that status updates, photos, check-ins, and comments are now included in search results. This new stream of information offers criminals developing phishing campaigns all-new attack surfaces to exploit.
On Monday, Facebook revealed the latest changes to their Graph Search function, a tool that allows people to search for specific content on the social network. Previously, Graph Search was limited to information on a person's profile or pages on the site, but now additional information, such as status updates, photos, check-ins, and comments will become discoverable as well. While these features are being touted by the social giant as a good thing, the risk they create is anything but.
This new stream of data offers a potential goldmine for criminals developing phishing campaigns, and for more experienced attackers, because searches can now focus on certain groups of people, from a given area, who are interested in, or have a relation to, a specific business, organization, topic, or hobby. It's even possible to filter results by time, details from long forgotten comments or posts to see the light of day once again.
The data that is returned for a given search is limited only by the privacy settings on the post itself, or the overall settings by the user or their friends. Unfortunately, many people are still on default settings. As such, their profiles—including posts—are set to be shared to a much wider audience than they may intend.
To read this article in full or to leave a comment, please click here
ConversionConversion EmoticonEmoticon