The role of phone numbers in understanding cyber-crime schemes

Internet and telephones are part of everyone's modern life. Unfortunately, several criminal activities also rely on these technologies to reach their victims. While the use and importance of the Internet has been largely studied, previous work overlooked the role that phone numbers can play in understanding online threats. In this work we aim at determining if leveraging phone numbers analysis can improve our understanding of the underground markets, illegal computer activities, or cyber-crime in general. This knowledge could then be adopted by several defensive mechanisms, including blacklists or advanced spam heuristics. Our results show that, in scam activities, phone numbers remain often more stable over time than email addresses. Using a combination of graph analysis and geographical Home Location Register (HLR) lookups, we identify recurrent cyber-criminal business models and link together scam communities that spread over different countries.

[1]  John Shawe-Taylor,et al.  Detection of fraud in mobile telecommunications , 1999, Inf. Secur. Tech. Rep..

[2]  Mary Dodge Slams, Crams, Jams, and other Phone Scams , 2001 .

[3]  Eve Edelson The 419 scam: information warfare on the spam front and a proposal for local filtering , 2003, Comput. Secur..

[4]  Craig Pollard Telecom Fraud: Telecom fraud: the cost of doing nothing just went up , 2005 .

[5]  Gang Zhao,et al.  Knowledge-Based Information Extraction: A Case Study of Recognizing Emails of Nigerian Frauds , 2005, NLDB.

[6]  Joel Scanlan,et al.  Catching spam before it arrives: domain specific dynamic blacklists , 2006, ACSW.

[7]  Mikko Hypponen,et al.  Malware goes mobile. , 2006, Scientific American.

[8]  Aaron Emigh The Crimeware Landscape: Malware, Phishing, Identity Theft and Beyond , 2006, J. Digit. Forensic Pract..

[9]  Markus Jakobsson,et al.  Crimeware: Understanding New Attacks and Defenses (Symantec Press) , 2008 .

[10]  Markus Jakobsson,et al.  Crimeware: Understanding New Attacks and Defenses , 2008 .

[11]  Chris Kanich,et al.  On the Spam Campaign Trail , 2008, LEET.

[12]  Felix C. Freiling,et al.  Learning More about the Underground Economy: A Case-Study of Keyloggers and Dropzones , 2009, ESORICS.

[13]  Patrick D. McDaniel,et al.  On lightweight mobile phone application certification , 2009, CCS.

[14]  Feng Qian,et al.  Botnet spam campaigns can be long lasting: evidence, implications, and analysis , 2009, SIGMETRICS '09.

[15]  Ross J. Anderson,et al.  The Economics of Online Crime , 2009 .

[16]  Nicolas Christin,et al.  Dissecting one click frauds , 2010, CCS '10.

[17]  Victor Wacham A. Mbarika,et al.  Seeing Beyond the Surface, Understanding and Tracking Fraudulent Cyber Activities , 2010, ArXiv.

[18]  Federico Maggi Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[19]  Christian Platzer,et al.  Covertly Probing Underground Economy Marketplaces , 2010, DIMVA.

[20]  Frank Stajano,et al.  Understanding scam victims , 2011, Commun. ACM.

[21]  Dawn Xiaodong Song,et al.  Design and Evaluation of a Real-Time URL Spam Filtering Service , 2011, 2011 IEEE Symposium on Security and Privacy.

[22]  Steve Hanna,et al.  A survey of mobile malware in the wild , 2011, SPSM '11.

[23]  Gianluca Stringhini,et al.  The Underground Economy of Spam: A Botmaster's Perspective of Coordinating Large-Scale Spam Campaigns , 2011, LEET.

[24]  Leyla Bilge,et al.  EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis , 2011, NDSS.

[25]  Cormac Herley,et al.  Why do Nigerian Scammers Say They are From Nigeria? , 2012, WEIS.

[26]  Gaëlle Recourcé Interpreting contact details out of e-mail signature blocks , 2012, WWW.

[27]  Nan Jiang,et al.  Isolating and analyzing fraud activities in a large cellular network via voice call graph analysis , 2012, MobiSys '12.