![]() ![]() Our results not only demonstrate a new kind of abuse exploiting the telephony channel but also show the potential benefits of using phone numbers to fight spam on Twitter. In fact, we find that Twitter suspended only about 3.5% of the accounts that participated in the top 15 spam campaigns we measured. ![]() We also show that some of the campaigns we analyze appear to attempt to avoid account suspension by Twitter, by including reputable URLs in their tweets. Our contributions include a novel data collection technique that amplifies tweets containing phone numbers, clustering of tweets that are part of a given OPC attack campaign, and brief analysis of particularly interesting campaigns. ![]() We refer to this type of attacks as outgoing phone communication (OPC) attacks.īy collecting approximately 70M tweets containing over 5,786 phone numbers over a period of 14 months, we are able to measure properties of multiple spam campaigns, including well-known tech support scams. This form of spam is then monetized over the telephony channel, via messages/calls made by victims. One way this is done is by aggressively advertising phone numbers on social media (e.g., Twitter). In addition to delivering voice and messaging spam, this channel is also being used to lure victims into calling phone numbers that are controlled by the attackers. The telephony channel has become an attractive target for cyber criminals, who are using it to craft a variety of attacks. We discuss the deeper implications of our findings, including their potential use to develop the next generation fraud detection and prevention systems. We report a Google site vulnerability that enabled us to infer the mobile device models used to post more than 198 million reviews in Google Play, including 9,942 fake reviews. Further, we found and report participant-revealed techniques to bypass Google-imposed verifications, concrete strategies to avoid detection, and even strategies that leverage fraud detection to enhance fraud efficacy. We reveal findings concerning various aspects of ASO worker capabilities and behaviors, including novel insights into their working patterns, and supporting evidence for several existing assumptions. To address this problem, in this paper, we present results of both a qualitative study with 18 ASO workers we recruited from 5 freelancing sites, concerning activities they performed on Google Play, and a quantitative investigation with fraud-related data collected from other 39 ASO workers. However, such assumptions often lack empirical evidence from the actual fraud perpetrators. To detect and filter fraud, a growing body of research has provided insights into various aspects of fraud posting activities, and made assumptions about the working procedures of the fraudsters from online data. They appear to be the criminal equivalent of a boilerhouse sales operation, a modus operandi that has not previously been studied by cybercrime researchers.īlack Hat App Search Optimization (ASO) in the form of fake reviews and sockpuppet accounts, is prevalent in peer-opinion sites, e.g., app stores, with negative implications on the digital and real lives of their users. However, when examining their emails more closely, we see they often use pre-scripted emails, their mimicry is often incompetent, and they have a lack of language skills and cultural knowledge that may tip people off. At a superficial level, rental scammers seem skilled at their job, because they mimic genuine landlords and use a range of effective persuasion techniques. We identified two further social persuasion strategies: establishing credibility and removing objections. Of Stajano and Wilson's scam-based persuasion strategies, an appeal to sympathy (i.e., kindness) and need for greed were commonly used. Our analysis indicates that Cialdini`s marketing-based social persuasion strategies, such as liking, appeal to authority, and the need for commitment and consistency are extensively implemented by rental scammers. During a period of three weeks, we scraped 2112 letting advertisements, identified the fraudulent advertisements and had 44 conversations of around 4 or 5 emails each with the scammers. We were interested in which persuasion techniques scammers use, and in assessing their skill at the art of persuasion. After a victim responds to the scammer's advertisement, the scammer attempts to persuade them to transfer money without having seen the property. We specifically focused on fraudulent long-term rentals advertised in the UK on Craigslist. Rental scams are a type of advance fee fraud, in which the scammer tries to get a victim to pay a deposit to rent an apartment of which the scammer pretends to be the landlord. ![]()
0 Comments
Leave a Reply. |