-
-
An Example Script Using the SSF model
-
An Example Starter Email
-
An Example Response Email
Inspiration
I received a text from a number that clearly belonged to a bot. Instead of blocking it, I sat down and analyzed its behaviors to see what could be improved. The concept I ended up with was something terrifying in its potential scope that I believed needed to be shared.
What it does
Super-Spearphishing is essentially a protocol that uses sentiment, semantic and syntactic analysis, as well as POS tagging in order to create realistic and coercive email chains for gleaning information from victims using phishing. By analyzing this protocol, it is my hope that we will be better able to defend against attacks of this nature in the future.
How we built it
I felt as though it would be irresponsible to create a publicly accessible, functional implementation of the protocol. However, included in the video and documentation is an example of what a script for a Super-Spearphishing attack could look like. This actually ended up becoming more of a linguistics exercise than a programming one, but it was fun nonetheless.
Challenges we ran into
Although there is no functional build, there was still a steep learning curve associated with all of the NLP aspects of this project. Knowing what was and was not possible as well as how it could all be implemented in a manner that avoided the uncanny aspect that most AI driven text produces was important.
Accomplishments that we're proud of
If I had to pick one thing that I'm proud of, it would be the script. That kind of linguistic thinking isn't something I get to do very often and it was a nice change of pace generally speaking.
What we learned
All of the NLP concepts used in developing this protocol were completely foreign to me when I started.
What's next for Super-SpearPhishing
I would like to start work on a proper implementation of this protocol as soon as I can figure out a way to let others explore it without making it a danger. This is a project that grows in value exponentially as it is shared.
Log in or sign up for Devpost to join the conversation.