Phishing Tool Uses Facial Recognition to Track Down Targets’ Social Media Accounts

Phishing Tool Uses Facial Recognition to Track Down Targets' Social Media AccountsWith facial recognition technology now causing some serious consternation and controversy through its use in public surveillance, it’s now poised to grow more invasive on social media as well. The credit goes to Trustwave, which has developed a new system called Social Mapper that uses facial recognition technology to automatically identify individuals’ social media accounts.

Announcing the solution in a blog post, Trustwave described itself as a provider of “ethical hacking services”. But the company proceeded to outline some decidedly nefarious-sounding applications of its intelligence gathering tool, proclaiming that it can be used to:

  • “Create fake social media profiles to ‘friend’ the targets and send them links to credential capturing landing pages or downloadable malware.”
  • “Trick users into disclosing their emails and phone numbers with vouchers and offers to make the pivot into phishing, vishing or smishing.”
  • “Create custom phishing campaigns for each social media site, knowing that the target has an account.”
  • “View target photos looking for employee access card badges and familiarise yourself with building interiors.”

In highlighting the criminal applications of its new phishing tool, Trustwave may set off some alarm bells among white hat security experts and everyday social media users. But it’s worth noting that Social Mapper is currently designed to operate through only one browser, whose administrators may be able to thwart the application’s access if it violates its terms of service. In the meantime, social media users have another privacy and security threat to contend with as Social Mappers’ biometric matching technology facilities highly sophisticated phishing campaigns.