For enterprises, the tool can be used for internal testing to find out how susceptible workers are to falling for the phony tweets, says Evan Blair, chief business officer for ZeroFOX. It’s never dawned on a lot of Twitter users that they could be phished in a tweet, so just making them aware of the problem could help reduce the number who fall for it, he says.
The researchers acknowledge that the tool could be used for spear phishing, but they’ve included a defect to mitigate the malicious use of it. For verified white-hat researchers they say they can remove the defect.
SNAP_R runs on Ubuntu and OS X, and operates in three phases. The researchers crafted it to work with Twitter, but similar tools could be made for other social networks.
Writing the tool took Seymour and Tully, both Ph.D. students specializing in data science, about two months.
Sign up for Computerworld eNewsletters.