Surveylance: Automatically Detecting Online Survey Scams

Online surveys are a popular mechanism for performing market research in exchange for monetary compensation. Unfortunately, fraudulent survey websites are similarly rising in popularity among cyber-criminals as a means for executing social engineering attacks. In addition to the sizable population of users that participate in online surveys as a secondary revenue stream, unsuspecting users who search the web for free content or access codes to commercial software can also be exposed to survey scams. This occurs through redirection to websites that ask the user to complete a survey in order to receive the promised content or a reward. In this paper, we present SURVEYLANCE, the first system that automatically identifies survey scams using machine learning techniques. Our evaluation demonstrates that SURVEYLANCE works well in practice by identifying 8,623 unique websites involved in online survey attacks. We show that SURVEYLANCE is suitable for assisting human analysts in survey scam detection at scale. Our work also provides the first systematic analysis of the survey scam ecosystem by investigating the capabilities of these services, mapping all the parties involved in the ecosystem, and quantifying the consequences to users that are exposed to these services. Our analysis reveals that a large number of survey scams are easily reachable through the Alexa top 30K websites, and expose users to a wide range of security issues including identity fraud, deceptive advertisements, potentially unwanted programs (PUPs), malicious extensions, and malware.

[1]  Nick Nikiforakis,et al.  Are You Sure You Want to Contact Us? Quantifying the Leakage of PII via Website Contact Forms , 2016, Proc. Priv. Enhancing Technol..

[2]  Leyla Bilge,et al.  The Dropper Effect: Insights into Malware Distribution with Downloader Graph Analytics , 2015, CCS.

[3]  Paolo Milani Comparetti,et al.  EvilSeed: A Guided Approach to Finding Malicious Web Pages , 2012, 2012 IEEE Symposium on Security and Privacy.

[4]  Damon McCoy,et al.  There Are No Free iPads: An Analysis of Survey Scams as a Business , 2013, LEET.

[5]  Christoph Zauner,et al.  Implementation and Benchmarking of Perceptual Image Hash Functions , 2010 .

[6]  Hamed Haddadi,et al.  Fighting online click-fraud using bluff ads , 2010, CCRV.

[7]  Aurélien Francillon,et al.  Optical Delusions: A Study of Malicious QR Codes in the Wild , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[8]  Kang Li,et al.  Measuring and Detecting Malware Downloads in Live Network Traffic , 2013, ESORICS.

[9]  William K. Robertson,et al.  Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions , 2016, Financial Cryptography.

[10]  Wei Meng,et al.  Understanding Malvertising Through Ad-Injecting Browser Extensions , 2015, WWW.

[11]  Leyla Bilge,et al.  Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services , 2016, USENIX Security Symposium.

[12]  Christopher Krügel,et al.  The Underground Economy of Fake Antivirus Software , 2011, WEIS.

[13]  Gianluca Stringhini,et al.  The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements , 2014, Internet Measurement Conference.

[14]  Chris Sharp,et al.  Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software , 2016, USENIX Security Symposium.

[15]  William K. Robertson,et al.  Identifying Extension-Based Ad Injection via Fine-Grained Web Content Provenance , 2016, RAID.

[16]  Nicola Polettini,et al.  The Vector Space Model in Information Retrieval-Term Weighting Problem , 2004 .

[17]  Niels Provos,et al.  All Your iFRAMEs Point to Us , 2008, USENIX Security Symposium.

[18]  Nick Nikiforakis,et al.  Dial One for Scam: Analyzing and Detecting Technical Support Scams , 2016, ArXiv.

[19]  Paul Barford,et al.  Impression Fraud in On-line Advertising via Pay-Per-View Networks , 2013, USENIX Security Symposium.

[20]  Engin Kirda,et al.  UNVEIL: A large-scale, automated approach to detecting ransomware (keynote) , 2016, SANER.

[21]  Barton Whaley Toward a general theory of deception , 1982 .

[22]  Vern Paxson,et al.  Ad Injection at Scale: Assessing Deceptive Advertisement Modifications , 2015, 2015 IEEE Symposium on Security and Privacy.

[23]  Tobias Lauinger,et al.  Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web , 2018, NDSS.

[24]  Leyla Bilge,et al.  Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks , 2015, DIMVA.

[25]  Gerard Salton,et al.  A vector space model for automatic indexing , 1975, CACM.

[26]  Fang Yu,et al.  Knowing your enemy: understanding and detecting malicious web advertising , 2012, CCS '12.

[27]  Gianluca Stringhini,et al.  Stranger danger: exploring the ecosystem of ad-based URL shortening services , 2014, WWW.

[28]  InduShobha N. Chengalur-Smith,et al.  An overview of social engineering malware: Trends, tactics, and implications , 2010 .

[29]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[30]  Eero P. Simoncelli,et al.  Image quality assessment: from error visibility to structural similarity , 2004, IEEE Transactions on Image Processing.

[31]  Vern Paxson,et al.  Measuring Pay-per-Install: The Commoditization of Malware Distribution , 2011, USENIX Security Symposium.

[32]  Roberto Perdisci,et al.  Towards Measuring and Mitigating Social Engineering Software Download Attacks , 2016, USENIX Security Symposium.

[33]  R. Cialdini Influence: Science and Practice , 1984 .

[34]  Michael McGill,et al.  Introduction to Modern Information Retrieval , 1983 .

[35]  Wouter Joosen,et al.  Parking Sensors: Analyzing and Detecting Parked Domains , 2015, NDSS.