Angel or Demon? Characterizing Variations Across Twitter Timeline of Technical Support Campaigners

Technical Support spam, which abuse Web 2.0 and carry out social engineering attacks have been in existence for a very long time, despite several measures taken to thwart such attacks. Although recent research has looked into unveiling tactics employed by spammers to lure victims, damage done on Online Social Networks is largely unexplored. In this paper, we perform the first large-scale study to understand the behavior of technical support spammers, and compare them with the legitimate technical support offered to OSN users by several brands such as Microsoft, Facebook, Amazon.We analyze the spam and legitimate accounts over a period of 20 months, and provide a taxonomy of the different types of spammers that are active in Tech Support spam landscape. We develop an automated mechanism to classify spammers from legitimate accounts, achieving a precision, recall of 99.8%.Our results shed light on the threats associated with billions of users using OSNs from Tech Support spam, and can help researchers and OSN service providers in developing effective countermeasures to fight them.

[1]  Arturo Azcorra,et al.  Are trending topics useful for marketing?: visibility of trending topics vs traditional advertisement , 2013, COSN '13.

[2]  Michalis Faloutsos Detecting malware with graph-based methods: traffic classification, botnets, and facebook scams , 2013, WWW '13 Companion.

[3]  Virgílio A. F. Almeida,et al.  Of Pins and Tweets: Investigating How Users Behave Across Image- and Text-Based Social Networks , 2014, ICWSM.

[4]  Gianluca Stringhini,et al.  Detecting spammers on social networks , 2010, ACSAC '10.

[5]  Alex Hai Wang,et al.  Don't follow me: Spam detection in Twitter , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).

[6]  Roberto Perdisci,et al.  Towards Measuring the Role of Phone Numbers in Twitter-Advertised Spam , 2018, AsiaCCS.

[7]  Chao Yang,et al.  CATS: Characterizing automation of Twitter spammers , 2013, 2013 Fifth International Conference on Communication Systems and Networks (COMSNETS).

[8]  Ponnurangam Kumaraguru,et al.  Exploiting Phone Numbers and Cross-Application Features in Targeted Mobile Attacks , 2016, SPSM@CCS.

[9]  L. Cranor,et al.  Anti-Phishing Landing Page : Turning a 404 into a Teachable Moment for End Users , 2009 .

[10]  Virgílio A. F. Almeida,et al.  Detecting Spammers on Twitter , 2010 .

[11]  Mustaque Ahamad,et al.  Phoneypot: Data-driven Understanding of Telephony Threats , 2015, NDSS.

[12]  Calton Pu,et al.  Social Honeypots: Making Friends With A Spammer Near You , 2008, CEAS.

[13]  Kyumin Lee,et al.  Seven Months with the Devils: A Long-Term Study of Content Polluters on Twitter , 2011, ICWSM.

[14]  Haining Wang,et al.  Detecting Social Spam Campaigns on Twitter , 2012, ACNS.

[15]  Aurélien Francillon,et al.  The role of phone numbers in understanding cyber-crime schemes , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[16]  Robert Pienta,et al.  Uncovering the Landscape of Fraud and Spam in the Telephony Channel , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[17]  Jun Hu,et al.  Detecting and characterizing social spam campaigns , 2010, CCS '10.

[18]  Aurélien Francillon,et al.  Inside the scam jungle: a closer look at 419 scam email operations , 2013, 2013 IEEE Security and Privacy Workshops.

[19]  Nicolas Christin,et al.  Dissecting one click frauds , 2010, CCS '10.

[20]  Mark Dredze,et al.  Facebook, Twitter and Google Plus for Breaking News: Is There a Winner? , 2014, ICWSM.

[21]  Nick Nikiforakis,et al.  Dial One for Scam: A Large-Scale Analysis of Technical Support Scams , 2016, NDSS.

[22]  Debin Gao,et al.  MobiPot: Understanding Mobile Telephony Threats with Honeycards , 2016, AsiaCCS.

[23]  Danah Boyd,et al.  Detecting Spam in a Twitter Network , 2009, First Monday.

[24]  Manos Antonakakis,et al.  Understanding Cross-Channel Abuse with SMS-Spam Support Infrastructure Attribution , 2016, ESORICS.

[25]  Kyumin Lee,et al.  Uncovering social spammers: social honeypots + machine learning , 2010, SIGIR.

[26]  Virgílio A. F. Almeida,et al.  Detecting Spammers and Content Promoters in Online Video Social Networks , 2009, IEEE INFOCOM Workshops 2009.

[27]  Michalis Faloutsos,et al.  FRAppE: detecting malicious facebook applications , 2012, CoNEXT '12.

[28]  Mohammed J. Zaki,et al.  Is There a Best Quality Metric for Graph Clusters? , 2011, ECML/PKDD.

[29]  Vern Paxson,et al.  @spam: the underground on 140 characters or less , 2010, CCS '10.

[30]  Dawn Xiaodong Song,et al.  Suspended accounts in retrospect: an analysis of twitter spam , 2011, IMC '11.

[31]  Krishna P. Gummadi,et al.  Understanding and combating link farming in the twitter social network , 2012, WWW.

[32]  Nick Feamster,et al.  Observing common spam in Twitter and email , 2012, Internet Measurement Conference.

[33]  Dawn Xiaodong Song,et al.  Design and Evaluation of a Real-Time URL Spam Filtering Service , 2011, 2011 IEEE Symposium on Security and Privacy.

[34]  Dawn Xiaodong Song,et al.  Exploiting Network Structure for Proactive Spam Mitigation , 2007, USENIX Security Symposium.