"Please don't send that bot anything": A Mixed-methods Study of Personal Impersonation Attacks Targeting Digital Payments on Social Media

Hoang Dai Nguyen

34th USENIX Security Symposium (USENIX Security '25) · Day 2 · Fraud, Malware, Spam

In an era where digital transactions are increasingly interwoven with social media interactions, a novel and insidious form of social engineering has emerged, termed **PROSPER** (Payment Re-routing on Social Media via Personal Impersonation). This talk, presented by Hoang Dai Nguyen from Louisiana State University, delves into a comprehensive mixed-methods study that uncovers the mechanics and prevalence of PROSPER attacks. Unlike traditional impersonation scams that target high-profile brands or celebrities, PROSPER attacks specifically target ordinary users by impersonating their friends or acquaintances on social media platforms to reroute digital payments.

AI review

Legitimate academic research on a real and underexamined threat — personal impersonation attacks in social media payment flows. The empirical data (1,000+ trigger tweets, 80% attack-within-10-minutes finding, 90% single-character handle delta) grounds it in reality, and the UI truncation vulnerability on X is a genuinely sharp observation. Not a technical research talk in the exploit sense, but a solid threat/behavior study that earns its USENIX slot.
