A security researcher has released an automated social network attack tool in an attempt to show just how vulnerable social nets are.Core Security vulnerability researcher Pedro Varangot thinks social nets are the next big frontier for automated spear phishing attacks, and at RSA he released code that he thinks proves it.
Rising user wariness about e-mail is leading to diminishing returns for phishers. As a consequence, Varangont argues, the spear phishers, whose success with targeted scams and come-ons shows the effectiveness of approaching targets by name.
Name games are where Varangot's approach gets started, building a false but convincing clone of an existing Twitter user, then using the fake to attract followers and seduce them into scams.
Varangot targeted Twitter for the demonstration because it was the easiest social net on which to make his point. But his point also included observations about how simply the technique could be applied to other social nets, search engines and instant messaging services.
Bad as spear phishing has been, Varangot predicts that "even more dangerous on social networks/"