Social networks and context-aware spam

Social networks are popular for online communities. This paper evaluates the risk of sophisticated context-aware spam that could result from information sharing on social networks and discusses potential mitigation strategies. Unlike normal spam, context-aware spam would likely have a high click-through rate due to exploitation of authentic social connections. Context-aware spam could lead to more insidious attacks that try to install malware or steal passwords. In this paper, we analyzed Facebook, a popular social networking website. Our goal was to determine how many users were vulnerable to context-aware attack email and understand aspects of Facebook's design that make such attacks possible. We also classified different kinds of email attacks based on certain pieces of data such as birthdays, lists of friends, wall posts, and user news feeds. We analyzed Facebook starting from a single university email address to calculate the number of users who would be vulnerable to each type of attack. We found that a hacker could send sophisticated context-aware email to approximately 85% of users. Furthermore, our analysis shows that people with private profiles are almost equally vulnerable to a subset of attacks. Finally, we discuss defense strategies. Some strategies would require users to coordinate their privacy policies with each other. We also suggest design improvements for social networks that may help reduce exposure to context-aware attack email.
