Spearphishers’ New Tool — Facebook Timeline

Timeline, the new feature just announced by Facebook, will make it even easier for bad guys to mine the Facebook social network for personal information they can use to launch malicious attacks. As this blog has noted many times, the most important element of an effective spearphishing attack is the persuasiveness of the fake email. Social networks are an ideal source of personal information that can be used to craft a spearphishing attack.

Networkworld quotes Sophos security expert Chet Wisniewski:

“Timeline makes it a heck of a lot easier [for attackers] to collect information on people.  It’s not that the data isn’t already there on Facebook, but it’s currently not in an easy-to-use format. ”

Cybercriminals often unearth personal details from social networking sites to craft targeted attacks, noted Wisniewski, and Timeline will make their job simpler.

“And Facebook encourages people to fill in the blanks [in the Timeline],” said Wisniewski, referring to the new tool’s prompting users to add details to sections that are blank.

What kind of personal information can bad guys mine from social networking sites? When the bad guy is willing to devote a little work to the project, even the identity of a CIA agent can be uncovered. Timeline makes the work of cybercriminals more efficient.


Comments are closed.