Social networking is one of the most popular Internet activities, with millions of members from around the world. However, users are unaware of the privacy risks involved. Even if they protect their private information, their name is enough to be used for malicious purposes. In this paper we demonstrate and evaluate how names extracted from social networks can be used to harvest email addresses as a first step for personalized phishing campaigns. Our blind harvesting technique uses names collected from the Facebook and Twitter networks as query terms for the Google search engine, and was able to harvest almost 9 million unique email addresses. We compare our technique with other harvesting methodologies, such as crawling the World Wide Web and dictionary attacks, and show that our approach is more scalable and efficient than the other techniques. We also present three targeted harvesting techniques that aim to collect email addresses coupled with personal information for the creation of personalized phishing emails. By using information available in Twitter to narrow down the search space, and by utilizing the Facebook email search functionality, we are able to successfully map 43.4% of the user profiles to their actual email address. Furthermore, we harvest profiles from Google Buzz, 40% of which provide a direct mapping to valid Gmail addresses.