Social networks are some of the largest and fastest growing online services today. Facebook, for example, has been ranked as the second most visited site on the Internet, and has been reporting growth rates as high as 3% per week. One of the key features of social networks is the support they provide for finding new friends. For example, social network sites may try to automatically identify which users know each other in order to propose friendship recommendations. Clearly, most social network sites are critical with respect to users' security and privacy due to the large amount of information available on them, as well as their very large user base. Previous research has shown that users of online social networks tend to exhibit a higher degree of trust in friend requests and messages sent by other users. Even though the problem of unsolicited messages in social networks (i.e., spam) has already been studied in detail, to date, reverse social engineering attacks in social networks have not received any attention. In a reverse social engineering attack, the attacker does not initiate contact with the victim. Rather, the victim is tricked into contacting the attacker herself. As a result, a high degree of trust is established between the victim and the attacker, as the victim is the entity that established the relationship. In this paper, we present the first user study on reverse social engineering attacks in social networks. That is, we discuss and show how attackers, in practice, can abuse some of the friend-finding features that online social networks provide with the aim of launching reverse social engineering attacks. Our results demonstrate that reverse social engineering attacks are feasible and effective in practice.