Scammer AI can tailor clickbait to you for phishing attacks

Scammer AI can tailor clickbait to you for phishing attacks, by Sally Adee.

Phishing, where cybercriminals try to trick people into clicking links to malware or sites that steal your personal information, is common on social networks like Twitter. Now a machine learning system that reads our past tweets to craft personalised traps could make clicking links that show up in your feed even riskier. …

Firefox phishing alert

A phishing alert in Firefox

Some criminals take the trouble to tailor their phishing tweets to specific individuals by hand – known as spearphishing. … Success rates for spearphishing are estimated to be around 45 per cent. The technique is time consuming, however.

[R]esearchers have created a system that can go spearphishing automatically. By mining people’s past Twitter activity, their machine learning system first hunts down a potential target. It looks for high-profile or well-connected users… and people who are particularly active. … [T]hey also targeted people by looking the hashtags they used in their tweets, as well as what the person likes to retweetand the times they are most likely to be using Twitter. Using this information, the algorithm generates tweets that the individual is likely click on. In other words, personalised clickbait.

The team tested the system on 90 people and managed to trick more than two-thirds of them into clicking the link. The team thinks that the approach could reach far more people with a greater success rate than hand-crafted approaches. They also say the system would work on other social media sites, including Facebook. The work was presented at the Black Hat conference in Las Vegas last week.

So think twice before clicking on a link. Also keep your computers and phones updated. With an up-to-date browser on an up-to-date operating system, the probability of infection from a malicious link is minimal.

hat-tip Matthew