Research: Spammers actively harvesting emails from Twitter in real-time

Summary:Security researchers from WebSense, have conducted an experiment, proving that Twitter is still a heaven for spammers looking to harvest freshly shared email addresses.

Security researchers from WebSense, have conducted an experiment, proving that Twitter is still a heaven for spammers looking to harvest freshly shared email addresses.

More details on the experiment:

We conducted research on how data that might be considered private is exposed via Twitter. The research focused on shared data, in particular email addresses, that can potentially be used against the one (or the organization) that shared it. During the research we monitored Twitter over a 24 hour period and found that users were publicly sharing email addresses connected with their inboxes, social media identities, and bank accounts. This leaves them open to advanced ‘social spear phishing’ attacks and spam campaigns.

Our research found that thousands of Email addresses are publicly shared daily via Twitter.  More than 11,000 email addresses were shared worldwide.

This isn't the first time that a vendor is aiming to raise awareness on the fact, users sharing their emails publicly, can become targets of successfully crafted spear phishing campaigns.

I little experiment I conducted back in 2009, also provided similar results. Basically, what I did was to measure the trending of words such as "email me at"; or "contact me at". The results? Thousands of freshly shared emails ready to be harvested by spammers in real-time.

Twitter email harvesters have been in the wild for years, it's time for Twitter's users to wake up and realize that the spammers are monitoring Twitter's global feed, and are successfully harvesting their email addresses.

Topics: Social Enterprise, Collaboration, Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.