CybersecurityFacebook new search feature has cyber experts worried

A new Facebook search feature has security experts concerned. They  are warning users of the site to strengthen their security settings to avoid embarrassment and to protect themselves from cybercriminals.

CSO reports that Graph Search, which Facebook started in January, allows users to use naturally phrased queries, such as “Mexican restaurants my friends like,” and receive personalized results. The search is an improvement, and it will make it easier for users, but at the same time the new search increases the chances for scammers to catch people who are careless about their privacy settings. The search also makes it much easier for advertisers to target users.

Facebook says its responsibility is to provide the privacy settings and users are responsible for using them.

“You control who you share your interests and likes with on Facebook,” the company said last Thursday in an e-mailed statement.

Some security experts agree with the company on the principle that  people trade their personal information for free access to the site, but others say Facebook does not do enough to make sure its uses are educated about the potential threats on the site.

“Some people do not grasp the importance of Graph Search,” Bogdon Botezatu, a senior e-threat analyst for Bitdefender told CSO Online. “So maybe it would be better for Facebook to actually inform people that some things will change.”

“The way they use to interact with Facebook has changed and this could have consequences they haven’t thought about yet,” Botezatu added.

Most Facebook users are unaware that cybercriminals can use something as simple as a search of a person’s friends, hometown, and former college to tailor an e-mail to make it appeal to a user and thus more likely that they will click on a link to a malicious Web site.

The same goes for corporate employees, who may unknowingly reveal too much information about their work and colleagues.

Rick Holland, a senior analyst for security and risk management at Forrester Research, said companies should include Graph Search in security awareness campaigns.

“Security awareness is much more effective when it has the personal hook. Some of the searches that you can run are pretty shocking, what better way to demonstrate the personal risks of using Facebook?” Holland told CSO Online. “Tie Facebook and protecting your family’s privacy into a broader training session that also covers spear phishing/social engineering. Win for the employee and win for the company.”