Phi.sh/$oCiaL: The Phishing Landscape through Short URLs


The size, accessibility, and rate of growth of Online Social Media (OSM) have attracted cyber crime. One form of cyber crime that has been increasing steadily is phishing, where the goal (for the phishers) is to steal personal information from users which can be used for fraudulent purposes. Although the research community and industry have been developing techniques to identify phishing attacks through emails and instant messaging (IM), there is very little research that provides a deeper understanding of phishing in online social media. Due to the constraints of limited text space in social systems like Twitter, phishers have begun to use URL shortener services. In this study, we provide an overview of phishing attacks for this new scenario. One of our main conclusions is that phishers are using URL shorteners not only for reducing space but also to hide their identity. We observe that social media websites like Facebook, Habbo, and Orkut are competing with e-commerce services like PayPal and eBay in terms of traffic and focus of phishers. Orkut, Habbo, and Facebook are amongst the top 5 brands targeted by phishers. We study the referrals from Twitter to understand the evolving phishing strategy. A staggering 89% of references from Twitter (users) are inorganic accounts which are sparsely connected amongst themselves, but have a large number of followers and followees. We observe that most of the phishing tweets spread by extensive use of attractive words and multiple hashtags. To the best of our knowledge, this is the first study to connect the phishing landscape using blacklisted phishing URLs from PhishTank, URL statistics from bit.ly and cues from Twitter to track the impact of phishing in online social media.

Published in: Technology, Design


  1. Phi.sh/$oCiaL: The Phishing Landscape through Short URLs. Sidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru†. *Delhi College of Engineering, †IIIT-Delhi, ‡Federal University of Ouro Preto
  2. Motivation
  3. (no text on slide)
  4. (no text on slide)
  5. Phishing via Short URLs
  6. • Most popular - June 2010 - January 2011 * • Most abused URL shortener • 23.48% of short URL services * (* http://techblog.avira.com/en/)
  7. Research Aim
  8. Analysis of Phishing Tweets containing Bitly • How is Bitly used by Phishers? • Who is Targeted? • Which Locations are Affected?
  9. System Architecture
  10. (slides 10 to 15, one diagram built up step by step) Data Collection: Phishing URLs (URL, Time, Is a Phish, Is Up); Filtering: Short URLs; Lookup API: Long URL, Short URL, Created by; Analysis: Brand Analysis, Temporal Analysis, Referral Analysis, Geographical Analysis, Behavioral Analysis, Text Analysis, Network Analysis
  16. (slides 16 and 17) Dataset, 1 January - 31 December, 2010. Table with columns "Vote if Phishing" (Yes, Unknown, No as extracted) and rows "Online": Yes: 11,081 | 392 | 1,234; No: 1,02,175 | 5,991 | 68,731; Unknown: 4,863 | 523 | 795
  18. Dataset • 990 public Twitter users who posted phish tweets • 864 user accounts present at the time of analysis • 2000 past tweets for each of 516 users
  19. Results
  20. For 50% URLs, Space Gain < 37%
  21. Social Network Websites targeted
  22. 516 Twitter users: 213 inorganic, 303 organic. Phish activity is majorly automated
  23. 516 Twitter users: 213 inorganic, 303 organic; 153 compromised, 150 legitimate. Phish activity is majorly automated
  24. Sparse Network, High Reciprocity
  25. Brazil is most targeted followed by US and Canada
  26. Limitations
  27. • Reliance on PhishTank • 90% URLs offline when voted • Small number of active voters
  28. Conclusion
  29. • URL shorteners used to hide identity • Change in landscape of phishing - OSNs target • Phishing activity is automated • Lack of phishing communities • Brazil had highest phish URL clickthrough
  30. Future Work
  31. • Analyze the use of URL shorteners like goo.gl, tinyurl etc. • Develop an algorithm to detect phishing on Twitter
  32. Thank You! http://precog.iiitd.edu.in
  33. For any other information, please write to pk@iiitd.ac.in precog.iiitd.edu.in
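
The Filtering step of the architecture and the "Space Gain" result on slide 20 can be reproduced on a blacklist export with a few lines of analysis. The following is an added example, not code from the authors: the definition of space gain as the fraction of characters saved, the host list, and all sample URLs are assumptions constructed for illustration, and the dictionary stands in for Lookup API responses so the block runs offline.

```python
from statistics import median
from urllib.parse import urlsplit

# Assumption: hosts treated as the bit.ly service for this example.
SHORTENER_HOSTS = {"bit.ly", "j.mp"}

# Constructed sample standing in for blacklist entries (not real data).
REPORTED = [
    "http://bit.ly/aaa111",
    "http://bit.ly/bbb222",
    "http://j.mp/ccc333",
    "http://bit.ly/ddd444",                        # no expansion available
    "http://login.example.net/paypal/verify.php",  # not a short URL
    "http://bit.ly.example.org/aaa111",            # look-alike host, not bit.ly
]
# Constructed stand-in for Lookup API responses: short URL -> long URL.
EXPANSIONS = {
    "http://bit.ly/aaa111": "http://a.example/",
    "http://bit.ly/bbb222": "http://secure-login.example.org/account/update/"
                            "index.php?session=0123456789abcdef",
    "http://j.mp/ccc333": "http://example.com/signin.html",
}

def is_short_url(url):
    """Exact host match, so 'bit.ly.example.org' is not mistaken for bit.ly."""
    host = (urlsplit(url).hostname or "").lower()
    return host in SHORTENER_HOSTS

def space_gain(short_url, long_url):
    """Assumed definition: fraction of characters saved by shortening.
    Negative when the short URL is longer than its target."""
    return (len(long_url) - len(short_url)) / len(long_url)

def analyse(reported, expansions, threshold=0.37):
    """Return per-URL gains, their median, and the URLs below the threshold."""
    gains = {}
    for url in reported:
        if is_short_url(url) and url in expansions:
            gains[url] = space_gain(url, expansions[url])
    med = median(gains.values()) if gains else None
    low = [u for u, g in gains.items() if g < threshold]
    return gains, med, low

if __name__ == "__main__":
    gains, med, low = analyse(REPORTED, EXPANSIONS)
    for url, g in gains.items():
        print(f"{g:+.2f}  {url}")
    print("median gain:", med, "| below threshold:", low)
```

A short URL with low or negative gain saves little or no space, which is the kind of entry the identity-hiding conclusion rests on.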