Using social networks to harvest email addresses

Authors:
Iasonas Polakis;Georgios Kontaxis;Spiros Antonatos;Eleni Gessiou;Thanasis Petsas;Evangelos P. Markatos
Affiliations:
Foundation for Research and Technology Hellas, Heraklion, Greece;Foundation for Research and Technology Hellas, Heraklion, Greece;Foundation for Research and Technology Hellas, Heraklion, Greece;Foundation for Research and Technology Hellas, Heraklion, Greece;Foundation for Research and Technology Hellas, Heraklion, Greece;Foundation for Research and Technology Hellas, Heraklion, Greece
Venue:
Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Year:
2010

Citing 9
Cited 3

Information revelation and privacy in online social networks

Proceedings of the 2005 ACM workshop on Privacy in the electronic society
On the spam campaign trail

LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
A few chirps about twitter

Proceedings of the first workshop on Online social networks
Spamming botnets: signatures and characteristics

Proceedings of the ACM SIGCOMM 2008 conference on Data communication
All your contacts are belong to us: automated identity theft attacks on social networks

Proceedings of the 18th international conference on World wide web
On the leakage of personally identifiable information via online social networks

Proceedings of the 2nd ACM workshop on Online social networks
Temporal distance metrics for social network analysis

Proceedings of the 2nd ACM workshop on Online social networks
On the evolution of user interaction in Facebook

Proceedings of the 2nd ACM workshop on Online social networks
Imagined communities: awareness, information sharing, and privacy on the facebook

PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies

Poster: preliminary analysis of Google+'s privacy

Proceedings of the 18th ACM conference on Computer and communications security
The privacy in the time of the internet: secrecy vs transparency

Proceedings of the second ACM conference on Data and Application Security and Privacy
All your face are belong to us: breaking Facebook's social authentication

Proceedings of the 28th Annual Computer Security Applications Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

Social networking is one of the most popular Internet activities with millions of members from around the world. However, users are unaware of the privacy risks involved. Even if they protect their private information, their name is enough to be used for malicious purposes. In this paper we demonstrate and evaluate how names extracted from social networks can be used to harvest email addresses as a first step for personalized phishing campaigns. Our blind harvesting technique uses names collected from the Facebook and Twitter networks as query terms for the Google search engine, and was able to harvest almost 9 million unique email addresses. We compare our technique with other harvesting methodologies, such as crawling the World Wide Web and dictionary attacks, and show that our approach is more scalable and efficient than the other techniques. We also present three targeted harvesting, techniques that aim to collect email addresses coupled with personal information for the creation of personalized phishing emails. By using information available in Twitter to narrow down the search space and, by utilizing the Facebook email search functionality, we are able to successfully map 43.4% of the user profiles to their actual email address. Furthermore, we harvest profiles from Google Buzz, 40% of whom provide a direct mapping to valid Gmail addresses.