Social networks and context-aware spam
Source
Computer Supported Cooperative Work archive
Proceedings of the ACM 2008 conference on Computer supported cooperative work
San Diego, CA, USA
SESSION: Naughty social networking
Pages 403-412  
Year of Publication: 2008
ISBN:978-1-60558-007-4
Authors
Garrett Brown  University of Michigan, Ann Arbor, MI, USA
Travis Howe  University of Michigan, Ann Arbor, MI, USA
Micheal Ihbe  University of Michigan, Ann Arbor, MI, USA
Atul Prakash  University of Michigan, Ann Arbor, MI, USA
Kevin Borders  University of Michigan, Ann Arbor, MI, USA
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 97,   Downloads (12 Months): 741,   Citation Count: 0
DOI: http://doi.acm.org/10.1145/1460563.1460628

ABSTRACT

Social networks are popular for online communities. This paper evaluates the risk of sophisticated context-aware spam that could result from information sharing on social networks and discusses potential mitigation strategies. Unlike normal spam, context-aware spam would likely have a high click-through rate due to exploitation of authentic social connections. Context-aware spam could lead to more insidious attacks that try to install malware or steal passwords. In this paper, we analyzed Facebook, a popular social networking website. Our goal was to determine how many users were vulnerable to context-aware attack email and understand aspects of Facebook's design that make such attacks possible. We also classified different kinds of email attacks based on certain pieces of data such as birthdays, lists of friends, wall posts, and user news feeds. We analyzed Facebook starting from a single university e-mail address to calculate the number of users who would be vulnerable to each type of attack. We found that a hacker could send sophisticated context-aware email to approximately 85% of users. Furthermore, our analysis shows that people with private profiles are almost equally vulnerable to a subset of attacks. Finally, we discuss defense strategies. Some strategies would require users to coordinate their privacy policies with each other. We also suggest design improvements for social networks that may help reduce exposure to context-aware attack email.


