Even in the youthful days of dial-up Internet, most people were savvy enough to know that an unsolicited email from a deposed African monarch offering to transfer the balance of his family’s fortune to your bank account for safekeeping in exchange for a hefty reward was too good to be true.
But what if phishers didn’t have to make up far-fetched tales? What if they could pull nuanced details from your life and construct a convincing pitch?
That’s exactly what security experts warn may be on the horizon as Facebook slowly rolls out its new Graph Search, which will give online scam artists their most powerful tool yet for creating elaborate hoaxes.
Although Facebook users have long had the ability to search through friends’ profiles via keywords, Graph Search represents a much more powerful and multifaceted search tool. For example, you can search for all the people who work for a particular company, even if you aren’t friends with them. It allows users to look through a much wider range of data and to do so in a more targeted way.
“In a lot of ways it’s similar to what scammers are able to do now, but with one big exception,” nCircle security director Andrew Storms told the Daily Dot. “The data they are going to be able to find on you is going to be more timely and more personal than the results that turn up in Google searches.”
According to Storms, the potential scams would work like so: Depending on what a person posts and how well they’ve utilized Facebook’s privacy safeguards, a scammer will uncover something someone has recently purchased, like a TV. The scammer would quickly create an official-looking email inviting the user to register the new product and convince the target to give up private financial information in the process.
Unlike Nigerian princes, this kind of scenario would feel much more connected to your real life and could lull you into a false sense of security.
The search capabilities of Graph will be similar to the interface that already exists for Facebook’s advertisers, and Storms said the power of Facebook’s microtargeting platform, in the wrong hands, could be dangerous.
“I don’t think most people realize what a powerful tool that information is,” he said. “Most people don’t realize that to Facebook, you’re the product—not the consumer.”
And that’s why Graph Search is inevitable, experts say. Facebook’s business model has always been based on collecting and selling data that no other company can harvest. Users wishing to protect their data must understand this fact, according to Alex Horan of CORE Security.
“It’s the next step in monetizing this vast collection of data they have,” Horan said. “But that’s going to put people at risk if they aren’t careful.”
Like Storms, Horan said Graph Search stands apart from previous search engines in its ability to provide scammers with “compelling” information. But he said the danger it poses is relative to how well users can safeguard their online presence.
Since Facebook announced Graph in January, the search engine has had a slow roll-out, with users gradually being invited to join the waitlist for beta testing. The reviews so far have been mixed, with most saying it’s still a far cry from being a Yelp, Match.com or LinkedIn killer. But Horan still thinks Graph Search will have a big presence online.
“This isn’t something that’s going away,” he said. “It can’t be stopped, so people are going to need to figure out how to defend themselves.”
That may be easier said than done. Horan and Storms both agree that Facebook’s privacy protections can be effective but that most users don’t know how to use them properly.
A spokesperson for Facebook said protecting user privacy was a significant concern while developing Graph Search. About a month before Graph Search was announced, the company rolled out new privacy settings it says are designed to help users better manage who can and can’t see their information.
“The upgraded privacy tools, and the reminder to use them, are part of an ongoing effort to encourage people to make choices that are right for them,” wrote Facebook Chief Privacy Officer Michael Richter on the company’s blog.
The same spokesperson also emphasised that Facebook’s current privacy settings would remain the same on Graph Search. But experts say the constant changes to Facebook’s privacy settings may keep most people from ever fully grasping what is and isn’t available to third-party users.
“I think the biggest problem is that the privacy settings change a lot, just like the rest of the site,” said Storms. “I don’t think most people are aware what they are or are not sharing. These tools can work if used properly, but I’m not sure how many people can.”
And privacy is everything, Storms said. While a tall tale about a Nigerian prince may be easy to ferret out, a story about the new TV you bought, the restaurant you ate at or the movie you saw may seem too authentic to be a con.
Photo via chidorian/Flickr, illustration by Fernando Alfonso III