Payas Gupta
Roberto Perdisci
ABSTRACT
The telephony channel has become an attractive target for cyber criminals, who are using it to craft a variety of attacks. In addition to delivering voice and messaging spam, this channel is also being used to lure victims into calling phone numbers that are controlled by the attackers. One way this is done is by aggressively advertising phone numbers on social media (e.g., Twitter). This form of spam is then monetized over the telephony channel, via messages/calls made by victims. We refer to this type of attacks as outgoing phone communication (OPC) attacks.
By collecting approximately 70M tweets containing over 5,786 phone numbers over a period of 14 months, we are able to measure properties of multiple spam campaigns, including well-known tech support scams. Our contributions include a novel data collection technique that amplifies tweets containing phone numbers, clustering of tweets that are part of a given OPC attack campaign, and brief analysis of particularly interesting campaigns. We also show that some of the campaigns we analyze appear to attempt to avoid account suspension by Twitter, by including reputable URLs in their tweets. In fact, we find that Twitter suspended only about 3.5% of the accounts that participated in the top 15 spam campaigns we measured. Our results not only demonstrate a new kind of abuse exploiting the telephony channel but also show the potential benefits of using phone numbers to fight spam on Twitter.
- Faraz Ahmed and Muhammad Abulaish. 2013. A generic statistical approach for spam detection in Online Social Networks. Computer Communications Vol. 36, 10 (2013), 1120--1129.Google Scholar
Cross Ref
- Marco Balduzzi, Payas Gupta, Lion Gu, Debin Gao, and Mustaque Ahamad. 2016. MobiPot: Understanding Mobile Telephony Threats with Honeycards Proceedings of the 11th ACM SIGSAC Symposium on Information, Computer and Communications Security (ASIA CCS '16). ACM, New York, NY, USA. Google ScholarDigital Library
- David M. Blei, Andrew Y. Ng, and Michael I. Jordan. 2003. Latent Dirichlet Allocation. The Journal of Machine Learning Research Vol. 3 (March. 2003), 993--1022. /dl.acm.org/citation.cfm?id=645526.657137 Google ScholarDigital Library
- Li Zhuang, John Dunagan, Daniel R. Simon, Helen J. Wang, and J. D. Tygar. 2008. Characterizing Botnets from Email Spam Records, Article 2 (2008), pages9 pages. http://dl.acm.org/citation.cfm?id=1387709.1387711Google Scholar
Index Terms
- Towards Measuring the Role of Phone Numbers in Twitter-Advertised Spam
Recommendations
Collective Classification of Spam Campaigners on Twitter: A Hierarchical Meta-Path Based Approach
WWW '18: Proceedings of the 2018 World Wide Web ConferenceCybercriminals have leveraged the popularity of a large user base available on Online Social Networks~(OSNs) to spread spam campaigns by propagating phishing URLs, attaching malicious contents, etc. However, another kind of spam attacks using phone ...
@spam: the underground on 140 characters or less
CCS '10: Proceedings of the 17th ACM conference on Computer and communications securityIn this work we present a characterization of spam on Twitter. We find that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists. We analyze the accounts that send spam and find evidence that it ...
Spam filtering in twitter using sender-receiver relationship
RAID'11: Proceedings of the 14th international conference on Recent Advances in Intrusion DetectionTwitter is one of the most visited sites in these days. Twitter spam, however, is constantly increasing. Since Twitter spam is different from traditional spam such as email and blog spam, conventional spam filtering methods are inappropriate to detect ...
Comments