Post on 01-Nov-2014
description
transcript
Phi.sh/$oCiaL: The Phishing Landscape
through Short URLsSidharth Chhabra*, Anupama Aggarwal†,
Fabricio Benevenuto‡, Ponnurangam Kumaraguru†
*Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto
1
Motivation
2
3
4
Phishing via Short URLs
5
• Most popular - June 2010 - January 2011 *
• Most abused URL shortener
• 23.48% of short URL services
http://techblog.avira.com/en/
*
6
Research Aim
7
Analysis of Phishing Tweets containing Bitly
• How is Bitly used by Phishers?
• Who is Targeted ?
• Which Locations are Affected ?
8
System Architecture
9
URL TimeIs a
PhishIs
Up
Data Collection
10
URL TimeIs a
PhishIs
Up
Phishing
URLs
Data Collection
10
URL TimeIs a
PhishIs
Up
Phishing
URLs
Data Collection
10
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLs
Data Collection
10
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLsLong URL
Short URL
Created by
Lookup API
Data Collection Filtering
10
Referral Analysis
URL TimeIs a
PhishIs
Up
Phishing
URLs
Short
URLsLong URL
Short URL
Created by
Lookup API
Brand Analysis Temporal Analysis
Geographical Analysis
Behavioral Analysis
Text AnalysisNetwork Analysis
Data Collection Filtering
Analysis
10
Vote if PhishingVote if PhishingVote if Phishing
Yes No Unknown
Online
Yes 11,081 392 1,234
Online No 1,02,175 5,991 68,731Online
Unknown 4,863 523 795
1 January - 31 December, 2010
Dataset
11
Vote if PhishingVote if PhishingVote if Phishing
Yes No Unknown
Online
Yes 11,081 392 1,234
Online No 1,02,175 5,991 68,731Online
Unknown 4,863 523 795
1 January - 31 December, 2010
Dataset
11
Dataset
• 990 public Twitter users who posted phish tweets
• 864 user accounts present at the time of analysis
• 2000 past tweets for each of 516 users
12
Results
13
For 50% URLs, Space Gain < 37%
14
Social Network Websites targeted
15
516Twitterusers
213 inorganic
303 organic
Phish activity is majorly automated16
516Twitterusers
213 inorganic
303 organic
153 compromised
150 legitimate
Phish activity is majorly automated16
Sparse Network, High Reciprocity
17
Brazil is most targeted followed by US and Canada
18
Limitations
19
• Reliance on PhishTank
• 90% URLs offline when voted
• Small number of active voters
20
Conclusion
21
• URLs shorteners used to hide identity
• Change in landscape of phishing - OSNs target
• Phishing activity is automated
• Lack of phishing communities
• Brazil had highest phish URL clickthrough
22
Future Work
23
• Analyze the use of URL shorteners like goo.gl, tinyurl etc.
• Develop an algorithm to detect phishing on Twitter
24
26
For any other information, please write topk@iiitd.ac.in
precog.iiitd.edu.in