An Analysis of the Effectiveness of Personalized Spam Using Online Social Network Public Information

  • Enaitz EzpeletaEmail author
  • Urko Zurutuza
  • José María Gómez Hidalgo
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 369)


Unsolicited email campaigns remain as one of the biggest threats affecting millions of users per day. Spam filters are capable of detecting and avoiding an increasing number of messages, but researchers have quantified a response rate of a 0.006 % [1], still significant to turn a considerable profit. While research directions are addressing topics such as better spam filters, or spam detection inside online social networks, in this paper we demonstrate that a classic spam model using online social network information can harvest a 7.62 % of click-through rate. We collect email addresses from the Internet, complete email owner information using their public social network profile data, and analyzed response of personalized spam sent to users according to their profile. Finally we demonstrate the effectiveness of these profile-based templates to circumvent spam detection.


Spam Security Facebook Personalized spam Online social networks 



This work has been partially funded by the Basque Department of Education, Language policy and Culture under the project SocialSPAM (PI_2014_1_102).


  1. 1.
    Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G.M., Paxson, V., Savage, S.: Spamalytics: an empirical analysis of spam marketing conversion. In: Proceedings of the 15th ACM Conference on Computer and Communications Security, pp. 3–14. CCS ’08, New York, NY, USA. ACM (2008)Google Scholar
  2. 2.
  3. 3.
    Facebook: Facebook: Newsroom.
  4. 4.
    Bonneau, J., Anderson, J., Danezis, G.: Prying data out of a social network. In: International Conference on Advances in Social Network Analysis and Mining, pp. 249–254 (2009)Google Scholar
  5. 5.
    Balduzzi, Marco, Platzer, Christian, Holz, Thorsten, Kirda, Engin, Balzarotti, Davide, Kruegel, Christopher: Abusing social networks for automated user profiling. In: Jha, Somesh, Sommer, Robin, Kreibich, Christian (eds.) RAID 2010. LNCS, vol. 6307, pp. 422–441. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  6. 6.
    Polakis, I., Kontaxis, G., Antonatos, S., Gessiou, E., Petsas, T., Markatos, E.P.: Using social networks to harvest email addresses. In: Proceedings of the 9th Annual ACM Workshop on Privacy in the Electronic Society, pp. 11–20. WPES ’10, New York, NY, USA, ACM (2010)Google Scholar
  7. 7.
    Alexa Internet, I.: Alexa top 500 global sites.
  8. 8.
    Stringhini, G., Kruegel, C., Vigna, G.: Detecting spammers on social networks. In: Proceedings of the 26th Annual Computer Security Applications Conference, pp. 1–9. ACSAC ’10, New York, NY, USA. ACM (2010)Google Scholar
  9. 9.
    Gao, H., Hu, J., Wilson, C., Li, Z., Chen, Y., Zhao, B.Y.: Detecting and characterizing social spam campaigns. In: Proceedings of the 17th ACM conference on Computer and Communications Security, pp. 681–683. CCS ’10, New York, NY, USA. ACM (2010)Google Scholar
  10. 10.
    Jakobsson, M., Johnson, N., Finn, P.: Why and how to perform fraud experiments. IEEE Secur. Priv. 6(2), 66–68 (2008)CrossRefGoogle Scholar
  11. 11.
    Jakobsson, M., Ratkiewicz, J.: Designing ethical phishing experiments: a study of (ROT13) rOnl query features. In: WWW ’06: Proceedings of the 15th International Conference on World Wide Web, pp. 513–522, New York, NY, USA. ACM (2006)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Enaitz Ezpeleta
    • 1
    Email author
  • Urko Zurutuza
    • 1
  • José María Gómez Hidalgo
    • 2
  1. 1.Electronics and Computing DepartmentMondragon UniversityArrasate-MondragónSpain
  2. 2.Pragsis Technologies Manuel TovarMadridSpain

Personalised recommendations