Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
Size, accessibility, and rate of growth of Online Social Media (OSM) has attracted cyber crimes through them. One form of cyber crime that has been increasing steadily is phishing, where the goal (for the phishers) is to steal personal information from users which can be used for fraudulent purposes. Although the research community and industry has been developing techniques to identify phishing attacks through emails and instant messaging (IM), there is very little research done, that provides a deeper understanding of phishing in online social media. Due to constraints of limited text space in social systems like Twitter, phishers have begun to use URL shortener services. In this study, we provide an overview of phishing attacks for this new scenario. One of our main conclusions is that phishers are using URL shorteners not only for reducing space but also to hide their identity. We observe that social media websites like Facebook, Habbo, Orkut are competing with e-commerce services like PayPal, eBay in terms of traffic and focus of phishers. Orkut, Habbo, and Facebook are amongst the top 5 brands targeted by phishers. We study the referrals from Twitter to understand the evolving phishing strategy. A staggering 89% of references from Twitter (users) are inorganic accounts which are sparsely connected amongst themselves, but havelarge number of followers and followees. We observe that most of the phishing tweets spread by extensive use of attractive words and multiple hashtags. To the best of our knowledge, this is the first study to connect the phishing landscape using blacklisted phishing URLs from PhishTank, URL statistics from bit.ly and cues from Twitter to track the impact of phishing in online social media.
Recommandé
Recommandé
Contenu connexe
Plus de IIIT Hyderabad
Plus de IIIT Hyderabad (20)
Dernier
Dernier (20)
Phi.sh/$oCiaL: The Phishing Landscape through Short URLs
- 1. Phi.sh/$oCiaL: The Phishing Landscape through Short URLs Sidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru† *Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto 1
- 2. Motivation 2
- 3. 3
- 4. 4
- 5. Phishing via Short URLs 5
- 6. • Most popular - June 2010 - January 2011 * • Most abused URL shortener • 23.48% of short URL services * 6 http://techblog.avira.com/en/
- 8. Analysis of Phishing Tweets containing Bitly • • • How is Bitly used by Phishers? Who is Targeted ? Which Locations are Affected ? 8
- 10. Data Collection Is a URL Time Phish Is Up 10
- 11. Data Collection Phishing Is a URL Time Phish Is Up URLs 10
- 12. Data Collection Phishing Is a URL Time Phish Is Up URLs 10
- 13. Data Collection Phishing Is a URL Time Phish Is Up Short URLs URLs 10
- 14. Data Collection Filtering Phishing Is a URL Time Phish Is Up Short URLs URLs 10 Lookup API Long Short Created URL URL by
- 15. Data Collection Filtering Phishing Is a URL Time Phish Is Up Short URLs URLs Lookup API Long Short Created URL URL by Analysis Brand Analysis Temporal Analysis Referral Analysis Geographical Analysis Behavioral Text Analysis Analysis 10 Network Analysis
- 16. Dataset 1 January - 31 December, 2010 Vote if Phishing Yes Unknown Yes Online No 11,081 392 1,234 No 1,02,175 5,991 68,731 Unknown 4,863 523 795 11
- 17. Dataset 1 January - 31 December, 2010 Vote if Phishing Yes Unknown Yes Online No 11,081 392 1,234 No 1,02,175 5,991 68,731 Unknown 4,863 523 795 11
- 18. Dataset • 990 public Twitter users who posted phish tweets • 864 user accounts present at the time of analysis • 2000 past tweets for each of 516 users 12
- 19. Results 13
- 20. For 50% URLs, Space Gain < 37% 14
- 21. Social Network Websites targeted 15
- 22. 213 inorganic 516 Twitter users 303 organic Phish activity is majorly automated 16
- 23. 213 inorganic 153 compromised 516 Twitter users 303 organic 150 legitimate Phish activity is majorly automated 16
- 24. Sparse Network, High Reciprocity 17
- 25. Brazil is most targeted followed by US and Canada 18
- 26. Limitations 19
- 27. • Reliance on PhishTank • 90% URLs offline when voted • Small number of active voters 20
- 28. Conclusion 21
- 29. • URLs shorteners used to hide identity • Change in landscape of phishing - OSNs target • Phishing activity is automated • Lack of phishing communities • Brazil had highest phish URL clickthrough 22
- 30. Future Work 23
- 31. • Analyze the use of URL shorteners like goo.gl, tinyurl etc. • Develop an algorithm to detect phishing on Twitter 24
- 33. For any other information, please write to pk@iiitd.ac.in precog.iiitd.edu.in 26