Vicente Diaz, Kaspersky Lab
The use of social engineering on popular social networks for the propagation of malware and scam campaigns has emerged as the natural successor to the old email-based phishing.
Some reasons for this are the lack of user awareness, the implicit trust placed in other users, the network topology, and the lack of sufficiently efficient countermeasures. However, there is a new factor: profiling users in just the same way social networks do, for a more effective targeted scam!
This presentation describes a fraud campaign discovered on Twitter in July 2011, which takes advantage of this new user profiling technique. It analyses all the technical aspects and invites reflection on many of the global implications, including potential countermeasures, legal aspects and profit for the fraudsters.
Typically these campaigns fly just below the radar, which is one of the main problems. This may lead to increasing rates of scams in social networks - just like what happened with email fraud over the last decade.