Could social networks help ease phishing?
The relationships built in social media networks could someday be used to protect you from spear-phishing attacks or spam, based on who you interact with and the trust you build with those people, according to TrustSphere, which has already built "trust maps" for email.
(No Fishing image by alex_lee2001, CC BY 2.0)
TrustSphere founder and CEO Manish Goel told ZDNet Australia in an interview that trust is important because of spear-phishing attacks — phishing attacks that are highly targeted, often using social engineering, to make themselves seem trustworthy or from a reputable source. TrustSphere's maps assist users by judging how much they can trust an email based on whether the user can be identified, the authenticity of the email and previous emails sent by that person.
Goel said that despite the rise of social media, email is still going to be around for at least the next five years, due to its recognition as an authoritative communication channel, and would hence remain a credible attack vector for hackers looking to penetrate a business.
He said that the idea of building trust through email could help social networks, such as Google+.
"Instead of manually building your circle of trust, if Google were very, very clever, they'd go into Gmail accounts and almost help pre-populate your circles based on your trust relationships," Goel said.
But Goel said that the opposite approach could also prove to be useful in the future, with certain relationships in social media being used as part of the way TrustSphere calculates how much users can trust an email.
Of course, there are issues with whether certain relationships in social media networks can be trusted, but Goel said that the idea of using social media to gauge the trustworthiness of a communication was the way of the future.
"Directionally, that's the way the industry is moving, and directionally that's the way we will be moving."
One worry about the system of trust is that if hackers know they need to build trust with a user via social media, advanced persistent threats could become more sophisticated. However, Goel wasn't too concerned.
"If you look at advanced persistent threats, will they continuously come up with new ways of dealing with [faking trust]? Absolutely. Have we thought about it and anticipated how they'll get into the technology? Absolutely."
He couldn't say, however, what countermeasures TrustSphere was considering or had put in place, only saying that the company is dealing with the issue.