Phishing through social bots on Twitter

This work investigates how social bots can phish employees of organizations, and thus endanger corporate network security. Current literature mostly focuses on traditional phishing methods (through e-mail, phone calls, and USB sticks). We address the serious organizational threats and security risks caused by phishing through online social media, specifically through Twitter. This paper first provides a review of current work. It then describes our experimental development, in which we created and deployed eight social bots on Twitter, each associated with one specific subject. For a period of four weeks, each bot published tweets about its subject and followed people with similar interests. In the final two weeks, our experiment showed that 437 unique users could have been phished, 33 of whom visited our website through the network of an organization. Without revealing any sensitive or real data, the paper analyses some findings of this experiment and addresses further plans for research in this area.
