by Tom N. Jagatic, Nathaniel A. Johnson, Markus Jakobsson, and Filippo Menczer
This article covers various aspects of phishing attacks, which lure users into disclosing sensitive information that the phisher may then abuse.
Modern flavors of phishing, such as spear phishing or context-aware phishing, incorporate context information about the victim's social environment into the phishing e-mail. Publicly available sources such as FOAF, social network sites, and blogs supply the data for this kind of attack.
The authors of the study performed an experiment on their own campus, carefully considering federal laws and regulations on human subject research. The attack was extremely successful (~70% hit rate) and triggered a broad range of reactions, such as anger, denial, and misunderstanding of the information e-mail. The experiment shows that most internet users underestimate the danger of publicly posted personal information and clearly overestimate the security and privacy of e-mail.