Under the Shadow of Sunshine: Characterizing Spam Campaigns Abusing Phone Numbers Across Online Social Networks

Cybercriminals abuse Online Social Networks (OSNs) to lure victims into a variety of spam. Among different spam types, a less explored area is OSN abuse that leverages the telephony channel to defraud users. Phone numbers are advertized via OSNs, and users are tricked into calling these numbers. To expand the reach of such scam / spam campaigns, phone numbers are advertised across multiple platforms like Facebook, Twitter, GooglePlus, Flickr, and YouTube. In this paper, we present the first data-driven characterization of cross-platform campaigns that use multiple OSN platforms to reach their victims and use phone numbers for monetization. We collect -23M posts containing -1.8M unique phone numbers from Twitter, Facebook, GooglePlus, Youtube, and Flickr over a period of six months. Clustering these posts helps us identify 202 campaigns operating across the globe with Indonesia, United States, India, and United Arab Emirates being the most prominent originators. We find that even though Indonesian campaigns generate highest volume (-3.2M posts), only 1.6% of the accounts propagating Indonesian campaigns have been suspended so far. By examining campaigns running across multiple OSNs, we discover that Twitter detects and suspends -93% more accounts than Facebook. Therefore, sharing intelligence about abuse-related user accounts across OSNs can aid in spam detection. According to our dataset, around -35K victims and -$8.8M could have been saved if intelligence was shared across the OSNs. By analyzing phone number based spam campaigns running on OSNs, we highlight the unexplored variety of phone-based attacks surfacing on OSNs.

[1]  Michalis Faloutsos,et al.  FRAppE: detecting malicious facebook applications , 2012, CoNEXT '12.

[2]  Calton Pu,et al.  Social Honeypots: Making Friends With A Spammer Near You , 2008, CEAS.

[3]  Chao Yang,et al.  CATS: Characterizing automation of Twitter spammers , 2013, 2013 Fifth International Conference on Communication Systems and Networks (COMSNETS).

[4]  Dawn Xiaodong Song,et al.  Design and Evaluation of a Real-Time URL Spam Filtering Service , 2011, 2011 IEEE Symposium on Security and Privacy.

[5]  Danah Boyd,et al.  Detecting Spam in a Twitter Network , 2009, First Monday.

[6]  Robert Pienta,et al.  Uncovering the Landscape of Fraud and Spam in the Telephony Channel , 2016, 2016 15th IEEE International Conference on Machine Learning and Applications (ICMLA).

[7]  Mark Dredze,et al.  Facebook, Twitter and Google Plus for Breaking News: Is There a Winner? , 2014, ICWSM.

[8]  Nick Nikiforakis,et al.  Dial One for Scam: A Large-Scale Analysis of Technical Support Scams , 2016, NDSS.

[9]  Debin Gao,et al.  MobiPot: Understanding Mobile Telephony Threats with Honeycards , 2016, AsiaCCS.

[10]  Manos Antonakakis,et al.  Understanding Cross-Channel Abuse with SMS-Spam Support Infrastructure Attribution , 2016, ESORICS.

[11]  Kyumin Lee,et al.  Uncovering social spammers: social honeypots + machine learning , 2010, SIGIR.

[12]  Virgílio A. F. Almeida,et al.  Detecting Spammers and Content Promoters in Online Video Social Networks , 2009, IEEE INFOCOM Workshops 2009.

[13]  Krishna P. Gummadi,et al.  Understanding and combating link farming in the twitter social network , 2012, WWW.

[14]  Ponnurangam Kumaraguru,et al.  Exploiting Phone Numbers and Cross-Application Features in Targeted Mobile Attacks , 2016, SPSM@CCS.

[15]  L. Cranor,et al.  Anti-Phishing Landing Page : Turning a 404 into a Teachable Moment for End Users , 2009 .

[16]  Nicolas Christin,et al.  Dissecting one click frauds , 2010, CCS '10.

[17]  Aurélien Francillon,et al.  The role of phone numbers in understanding cyber-crime schemes , 2013, 2013 Eleventh Annual Conference on Privacy, Security and Trust.

[18]  Mohammed J. Zaki,et al.  Is There a Best Quality Metric for Graph Clusters? , 2011, ECML/PKDD.

[19]  Jun Hu,et al.  Detecting and characterizing social spam campaigns , 2010, IMC '10.

[20]  Gianluca Stringhini,et al.  Detecting spammers on social networks , 2010, ACSAC '10.

[21]  Roberto Perdisci,et al.  Towards Measuring the Role of Phone Numbers in Twitter-Advertised Spam , 2018, AsiaCCS.

[22]  Nick Feamster,et al.  Observing common spam in Twitter and email , 2012, Internet Measurement Conference.

[23]  Virgílio A. F. Almeida,et al.  Detecting Spammers on Twitter , 2010 .

[24]  Mustaque Ahamad,et al.  Phoneypot: Data-driven Understanding of Telephony Threats , 2015, NDSS.

[25]  Aurélien Francillon,et al.  Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations , 2013, IEEE Symposium on Security and Privacy Workshops.

[26]  Vern Paxson,et al.  @spam: the underground on 140 characters or less , 2010, CCS '10.

[27]  Dawn Xiaodong Song,et al.  Suspended accounts in retrospect: an analysis of twitter spam , 2011, IMC '11.

[28]  Virgílio A. F. Almeida,et al.  Of Pins and Tweets: Investigating How Users Behave Across Image- and Text-Based Social Networks , 2014, ICWSM.

[29]  Sarwar Kamal,et al.  Impact analysis of facebook in family bonding , 2016, Social Network Analysis and Mining.

[30]  Arturo Azcorra,et al.  Are trending topics useful for marketing?: visibility of trending topics vs traditional advertisement , 2013, COSN '13.

[31]  Michalis Faloutsos Detecting malware with graph-based methods: traffic classification, botnets, and facebook scams , 2013, WWW '13 Companion.

[32]  Kyumin Lee,et al.  Seven Months with the Devils: A Long-Term Study of Content Polluters on Twitter , 2011, ICWSM.

[33]  Haining Wang,et al.  Detecting Social Spam Campaigns on Twitter , 2012, ACNS.

[34]  Niklas Lavesson,et al.  Hashtags and followers , 2016, Social Network Analysis and Mining.

[35]  Alex Hai Wang,et al.  Don't follow me: Spam detection in Twitter , 2010, 2010 International Conference on Security and Cryptography (SECRYPT).