Attackers employ artificial, machine-operated, social network profiles called socialbots to connect to real members of an organization, thus greatly increasing the amount of information the attacker can collect. to connect socialbots, attackers employ several strategies. the authors' approach detects socialbots by intelligently selecting organization member profiles and monitoring their activity. their study demonstrates their method's efficacyspecifically, that when an attacker knows the defense strategy being deployed, the most effective attack is randomly sprayed friend requests, which eventually lead to a low number of connections.A dvanced cyberattacks follow a well-designed methodology. 1 Initial reconnaissance constitutes the basis for establishing a successful attack against an organization. During the reconnaissance phase, attackers look for "appropriate" organizational entry points to launch an attack. 2 The open Web gives attackers a great deal of publicly available information, such as the location and size of branches, employees' contact details, commercial partners, technical presentations, network domain, IP address ranges, and even security policies.One of the most fertile sources for entry points into an organization are social networks (SNs). Information extracted from SNs can include organizational structure, positions and roles within the organization (administrator, IT, sales, and so on), contact information (such as email), and much more that might not appear on the official organizational website. 3 Moreover, attackers might gain a foothold in the organization and obtain even more information by employing fake SN profiles that establish connections with an organization's employees through the SN. 4 These social connections form a solid base for the next attack phase, also known as initial penetration, where malware is injected through direct messages, emails with malicious attachments, posts on the wall of targeted employees, and so on. The ease with which SN users accept friend requests from strangers plays into the attackers' hands. 5 Attackers employ several strategies to connect their socialbots to other profiles within an SN, ranging from randomly spraying friend requests to sophisticated approaches that maximize the chance that their targets will accept the request. In this