Until recently, email harvesting was a time-consuming process and was never real-time. It consisted of making connections to the SMTP server and supplying a dictionary to carry out the attack.
With the advent of social networking, many sites, in order to stay ahead of competitors, now provide interfaces that return basic information at the click of a mouse, or that let you search for information exposed by specific features.
Social networking websites, e.g. Twitter, provide a search interface for tweets. We shall use this website to provide some examples of real-time email harvesting.
rpp = records per page.
This search returns all the tweets containing gmail.com, hotmail.com or the phrase “email me”. A small PHP script can then extract the necessary text from the returned results.
Time taken: not more than 10 seconds.
The information retrieved typically depends on the user using Twitter. Due to general awareness, users tend to provide their personal email details rather than company email IDs, so it would be a bit difficult to retrieve company-related email IDs.
The search is conducted in real time and all the tweets are the latest ones, thus providing a spammer with an ever-expanding database of valid email IDs.
Don’ts
Never publish your email ID in open groups or on networking sites.
Do’s
There’s nothing that you cannot do.