Using Social Networks to Harvest Email Addresses
Reporter: Chia-Yi Lin
Advisor: Chun-Ying Huang
Mail: [email protected]
04/21/23
Reference
• I. Polakis, G. Kontaxis, S. Antonatos, E. Gessiou, T. Petsas, and E. P. Markatos, “Using social networks to harvest email addresses,” in WPES ’10: Proceedings of the 9th annual ACM workshop on Privacy in the electronic society
Outline
•Introduction
•Social network harvest email
•Facebook information
•Conclusions
Introduction
•Social networking is one of the most popular Internet activities
  ▫Facebook has more than 400 million users
  ▫Twitter has more than 40 million users
•Privacy leakage is one of the biggest problems of social networking
•http://www.checkfacebook.com/
Social network
•Used for malicious purposes
  ▫name, nickname
    https://www.facebook.com/btaylor
•How names extracted from social networks
  ▫harvest email addresses
•Names collected
  ▫Facebook and Twitter networks
•Query terms for the Google search engine
  ▫harvest almost 9 million unique email addresses
Current Methodologies
•Give a brief overview of the current methodologies used by spammers to harvest email addresses
  ▫Web crawling
  ▫Crawling mailing list archive sites
  ▫Malware
  ▫Malicious sites
  ▫Dictionary attacks
Two approaches
•Present two different approaches to harvesting
  ▫Blind harvesting
  ▫Targeted harvesting
•Social network
  ▫Facebook and Twitter
•Google search engine
  ▫gather email addresses
•Facebook
  ▫personal information
Find name and nickname
•Crawlers for extracting names
  ▫Facebook: fan pages
  ▫Twitter: crawled the accounts the user follows
Google search engine
•Once the names have been harvested
  ▫8 different combinations
    "[email protected]", "term", "[email protected]", "term at ", "[email protected]", "term@", "[email protected]", "[email protected]"
  ▫retrieve the first 50 results
  ▫parse the two-line summary provided
Blind Harvesting (1/2)
•Able to harvest, on average
  ▫45 emails per name for the Facebook names
  ▫25 emails per name for the Twitter nicknames
Blind Harvesting (2/2)
•Dictionary: http://wordnet.princeton.edu/
•Surnames: http://www.census.gov/genealogy/www/data/
Targeted harvesting (1/3)
•Traditional phishing contains generic terms
  ▫"Dear user", "Dear customer", "Hello subscriber"
•Personalized phishing
  ▫Emails look like they originate from a friend
Targeted harvesting (2/3)
•Use the harvested email addresses in the Facebook search utility
  ▫gain profile
•The first technique
  ▫Uses information from the Facebook network
    Successfully link 11.5% of the harvested names with their actual email address
•The second technique
  ▫Uses information from the Twitter network
    43.4% of the profiles returned
Targeted harvesting (3/3)
•The third technique
  ▫collected from other social networks
  ▫harvest profiles from Google Buzz
    40.5% valid Gmail addresses
Fetch name
•Method
  ▫Facebook app
  ▫friend
Permissions
•Read Permissions
•Write Permissions
•Page Permissions
Basic profile
Facebook profile
Content categorization
Conclusions
•We present how information that is publicly available on social networking sites can be used
  ▫for harvesting email addresses
  ▫for deploying personalized phishing campaigns
•We present two different approaches to harvesting email addresses
  ▫greatly enhance the efficiency of a spam campaign
Thanks for Your Attention
Q & A