Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

Post on 01-Nov-2014

416 views 3 download

Preview:

Click to see full reader

Tags:

Report this document
SHARE

description

Size, accessibility, and rate of growth of Online Social Media (OSM) has attracted cyber crimes through them. One form of cyber crime that has been increasing steadily is phishing, where the goal (for the phishers) is to steal personal information from users which can be used for fraudulent purposes. Although the research community and industry has been developing techniques to identify phishing attacks through emails and instant messaging (IM), there is very little research done, that provides a deeper understanding of phishing in online social media. Due to constraints of limited text space in social systems like Twitter, phishers have begun to use URL shortener services. In this study, we provide an overview of phishing attacks for this new scenario. One of our main conclusions is that phishers are using URL shorteners not only for reducing space but also to hide their identity. We observe that social media websites like Facebook, Habbo, Orkut are competing with e-commerce services like PayPal, eBay in terms of traffic and focus of phishers. Orkut, Habbo, and Facebook are amongst the top 5 brands targeted by phishers. We study the referrals from Twitter to understand the evolving phishing strategy. A staggering 89% of references from Twitter (users) are inorganic accounts which are sparsely connected amongst themselves, but havelarge number of followers and followees. We observe that most of the phishing tweets spread by extensive use of attractive words and multiple hashtags. To the best of our knowledge, this is the first study to connect the phishing landscape using blacklisted phishing URLs from PhishTank, URL statistics from bit.ly and cues from Twitter to track the impact of phishing in online social media.

transcript

Phi.sh/$oCiaL: The Phishing Landscape

through Short URLsSidharth Chhabra*, Anupama Aggarwal†,

Fabricio Benevenuto‡, Ponnurangam Kumaraguru†

*Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto

1

Motivation

2

3

4

Phishing via Short URLs

5

• Most popular - June 2010 - January 2011 *

• Most abused URL shortener

• 23.48% of short URL services

http://techblog.avira.com/en/

*

6

http://techblog.avira.com/en/
http://techblog.avira.com/en/

Research Aim

7

Analysis of Phishing Tweets containing Bitly

• How is Bitly used by Phishers?

• Who is Targeted ?

• Which Locations are Affected ?

8

System Architecture

9

URL TimeIs a

PhishIs

Up

Data Collection

10

URL TimeIs a

PhishIs

Up

Phishing

URLs

Data Collection

10

URL TimeIs a

PhishIs

Up

Phishing

URLs

Data Collection

10

URL TimeIs a

PhishIs

Up

Phishing

URLs

Short

URLs

Data Collection

10

URL TimeIs a

PhishIs

Up

Phishing

URLs

Short

URLsLong URL

Short URL

Created by

Lookup API

Data Collection Filtering

10

Referral Analysis

URL TimeIs a

PhishIs

Up

Phishing

URLs

Short

URLsLong URL

Short URL

Created by

Lookup API

Brand Analysis Temporal Analysis

Geographical Analysis

Behavioral Analysis

Text AnalysisNetwork Analysis

Data Collection Filtering

Analysis

10

Vote if PhishingVote if PhishingVote if Phishing

Yes No Unknown

Online

Yes 11,081 392 1,234

Online No 1,02,175 5,991 68,731Online

Unknown 4,863 523 795

1 January - 31 December, 2010

Dataset

11

Vote if PhishingVote if PhishingVote if Phishing

Yes No Unknown

Online

Yes 11,081 392 1,234

Online No 1,02,175 5,991 68,731Online

Unknown 4,863 523 795

1 January - 31 December, 2010

Dataset

11

Dataset

• 990 public Twitter users who posted phish tweets

• 864 user accounts present at the time of analysis

• 2000 past tweets for each of 516 users

12

Results

13

For 50% URLs, Space Gain < 37%

14

Social Network Websites targeted

15

516Twitterusers

213 inorganic

303 organic

Phish activity is majorly automated16

516Twitterusers

213 inorganic

303 organic

153 compromised

150 legitimate

Phish activity is majorly automated16

Sparse Network, High Reciprocity

17

Brazil is most targeted followed by US and Canada

18

Limitations

19

• Reliance on PhishTank

• 90% URLs offline when voted

• Small number of active voters

20

Conclusion

21

• URLs shorteners used to hide identity

• Change in landscape of phishing - OSNs target

• Phishing activity is automated

• Lack of phishing communities

• Brazil had highest phish URL clickthrough

22

Future Work

23

• Analyze the use of URL shorteners like goo.gl, tinyurl etc.

• Develop an algorithm to detect phishing on Twitter

24

Thank You !http://precog.iiitd.edu.in

25

http://precog.iiitd.edu.in
http://precog.iiitd.edu.in

26

For any other information, please write topk@iiitd.ac.in

precog.iiitd.edu.in

mailto:pk@iiitd.ac.in
mailto:pk@iiitd.ac.in

Top related

$ocial media marketing PPT
Education
7 S ocial Science
Documents
DotNetNuke Friendly Urls
Documents
Capture All the URLs
Documents
ocial psychology
Documents
History of $ocial Medias Part III
Entertainment & Humor
Ontologies, URLs and Registers
Internet
OCIAL PROBLEMS THEORY DIVISION - SSSP
Documents
Learning to read urls
Data & Analytics
Sociology, Social Policy and Criminology › media › livacuk › study › ... · 2019-06-18 · 02 aculty of umanities and ocial ciences cool of La and ocial ustice ociology ocial
Documents
Translated URLs
Technology
$ocial $eriou$
Real Estate
URLs for Pictures
Documents
S ocial Neuroscience
Documents
Traffic Blazer URLs
Documents
{all urls are clickable}
Documents
Mini lesson on URLs
Internet
History of $ocial Medias Part 1
Internet
Z39.50 URLs
Documents
Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
Education

Copyright © 2018 DOCUMENTS