The phishing landscape is rapidly changing, and in the last few years we have witnessed over a 10-fold increase in social media-based phishing. Yet social media sites have taken few steps to detect or block automated intelligence gathering on their platforms, and enterprises are far from understanding the new risks that users face via social media.
In this talk, I will examine how new tools can automate social media intelligence gathering, correlating profiles across sites and scraping data on a mass scale. Organizations can use this new intelligence gathering as a way to better understand who within their companies is most likely to be targeted by social media-based attacks. From there they can test for risks such as employees who are accepting random connection requests on LinkedIn or Facebook, and who is clicking untrusted links sent to them on their work machines. Red team attackers will learn how to scale up their social media phishing campaigns and how to save time when conducting large-scale social media-based phishing.
During the talk, I will detail Social Mapper as well as release Social Attacker, the first open source, multi-site, automated Social Media Phishing Framework. I’ll be giving a high-level walkthrough of how you can use this along with Social Mapper to run mock social media phishing campaigns against your organization. Join me to learn more about these tools and how they can help protect your enterprise.