The tool, available as a downloadable zip archive, can be used to send phishing emails during times when users are active in order to increase the chances a poisoned link will be clicked.
It sifts through a user’s previous tweets using its machine learning capabilities to craft tweets relevant to a target’s interests, outpacing previous works that have merely spun Tweeted statements into questions.
Seymour and Tully fed their beast with some two million tweets when testing over a week of processing effort. Of the 90 Twitter users tested, between 30 to 60 percent clicked the phishing links, way above usual click rates.
Only the choicest Twitter victims that represented high value are targeted in order to stay under the radar of defenders employed by the 140 character social network giant.
“Clickthrough rates are among the highest ever reported for a large scale phishing campaign, underscoring the efficacy of coordinated automatic social engineering at scale,” the duo say.