Automated Social Engineering Attacks using ChatBots on Professional Social Networks

The growth of the internet and social networks has intensified human interactions, raising the risk of cyberattacks. Social Engineering targets those human relationships in the cyber environment, using technology as a support to exploit natural human failures. Research has shown the capacity of Social Engineering attacks, however, there are few papers focusing on the evolution and trust of ChatBots and automation as a support for those attacks. This paper presents an analysis of the capacity of professional social networks to detect and block automated Social Engineering threats to their users. The approach developed allowed us to identify the characteristics of the trust relationship between the user, the social network, and the ChatBot resulting from the established interaction, and failures on the part of social networks to identify and block this kind of behavior. To this end, an automated Social Engineering bot was developed. The analysis and discussion of the results allow demonstration of the security vulnerabilities present in professional networks and in building the user’s trust relationship with the ChatBot.