259 research outputs found

    Data-Driven and Deep Learning Methodology for Deceptive Advertising and Phone Scams Detection

    The advance of smartphones and cellular networks boosts the need of mobile advertising and targeted marketing. However, it also triggers the unseen security threats. We found that the phone scams with fake calling numbers of very short lifetime are increasingly popular and have been used to trick the users. The harm is worldwide. On the other hand, deceptive advertising (deceptive ads), the fake ads that trick users to install unnecessary apps via either alluring or daunting texts and pictures, is an emerging threat that seriously harms the reputation of the advertiser. To counter against these two new threats, the conventional blacklist (or whitelist) approach and the machine learning approach with predefined features have been proven useless. Nevertheless, due to the success of deep learning in developing the highly intelligent program, our system can efficiently and effectively detect phone scams and deceptive ads by taking advantage of our unified framework on deep neural network (DNN) and convolutional neural network (CNN). The proposed system has been deployed for operational use and the experimental results proved the effectiveness of our proposed system. Furthermore, we keep our research results and release experiment material on http://DeceptiveAds.TWMAN.ORG and http://PhoneScams.TWMAN.ORG if there is any update. Comment: 6 pages, TAAI 2017 versio

    Social engineering: psychology applied to Information Security

    Psychology and computer science are two scientific disciplines that focus on identifying the particular characteristics of information processing. The first in the human being and the second in the construction of a technical tool that seeks to emulate the brain: the computer. That is why psychology is strongly tied to the moment for people to choose their passwords. Deceptive advertising often compensates (through money, products and free services or other self-esteem tests) to influence a product or service to appear on your social network. In order to increase its consumption among its followers and also to take personal information without your consent. Due to the increase of the use of social networks, our social engineering strategy can efficiently and effectively show that security is subjective and that a significant percentage of users are vulnerable to deceptive advertisement through the internet. This project is based on the need to prevent attacks of information subtraction by obtaining/decrypting the keys of access or in the worst case obtain directly their passwords to the different web services, bank accounts, credit cards of individuals, based on the information that people exposed or share on their social networks. This paper also examines how attackers could obtain/decipher their passwords based on personal information obtained from deceptive advertisements implemented through a social network. The advantage of this approach also shows the user password composition providing a better vision of how hackers use the psychology applied to information security. Maestrí

    Active Data Collection Techniques to Understand Online Scammers and Cybercriminals

    Nigerian scam, also known as advance fee fraud or 419 scam, is a prevalent form of online fraudulent activity that causes financial loss to individuals and businesses. Nigerian scam has evolved from simple non-targeted email messages to more sophisticated scams targeted at users of classifieds, dating and other websites. Even though such scams are observed and reported by users frequently, the community’s understanding of Nigerian scams is limited since the scammers operate “underground”. To better understand the underground Nigerian scam ecosystem and seek effective methods to deter Nigerian scam and cybercrime in general, we conduct a series of active and passive measurement studies. Relying upon the analysis and insight gained from the measurement studies, we make four contributions: (1) we analyze the taxonomy of Nigerian scam and derive long-term trends in scams; (2) we provide an insight on Nigerian scam and cybercrime ecosystems and their underground operation; (3) we propose a payment intervention as a potential deterrent to cybercrime operation in general and evaluate its effectiveness; and (4) we offer active and passive measurement tools and techniques that enable in-depth analysis of cybercrime ecosystems and deterrence on them. We first created and analyzed a repository of more than two hundred thousand user-reported scam emails, stretching from 2006 to 2014, from four major scam reporting websites. We select ten most commonly observed scam categories and tag 2,000 scam emails randomly selected from our repository. Based upon the manually tagged dataset, we train a machine learning classifier and cluster all scam emails in the repository. From the clustering result, we find a strong and sustained upward trend for targeted scams and downward trend for non-targeted scams. We then focus on two types of targeted scams: sales scams and rental scams targeting users on Craigslist.
We built an automated scam data collection system and gathered large-scale sales scam emails. Using the system we posted honeypot ads on Craigslist and conversed automatically with the scammers. Through the email conversation, the system obtained additional confirmation of likely scam activities and collected additional information such as IP addresses and shipping addresses. Our analysis revealed that around 10 groups were responsible for nearly half of the over 13,000 total scam attempts we received. These groups used IP addresses and shipping addresses in both Nigeria and the U.S. We also crawled rental ads on Craigslist, identified rental scam ads amongst the large number of benign ads and conversed with the potential scammers. Through in-depth analysis of the rental scams, we found seven major scam campaigns employing various operations and monetization methods. We also found that unlike sales scammers, most rental scammers were in the U.S. The large-scale scam data and in-depth analysis provide useful insights on how to design effective deterrence techniques against cybercrime in general. We study underground DDoS-for-hire services, also known as booters, and measure the effectiveness of undermining a payment system of DDoS Services. Our analysis shows that the payment intervention can have the desired effect of limiting cybercriminals’ ability and increasing the risk of accepting payments

    The psychology of scams: Provoking and committing errors of judgement

    According to the Office of Fair Trading (2006), 3.2 million adults in the UK fall victim to mass marketed scams every year, and collectively lose £3.5 billion. Victims of scams are often labelled as 'greedy' or 'gullible' and elicit the reaction, 'How on earth could anyone fall for that?' However, such labels are unhelpful and superficial generalisations that presume all of us are perfectly rational consumers, ignoring the fact that all of us are vulnerable to a persuasive approach at one time or another. Clearly, responding to a scam is an error of judgement – so our research sought to identify the main categories of decision error that typify victim responses, and to understand the psychology of persuasion employed by scammers to try to provoke such errors. UK Office of Fair Tradin

    The Proceedings of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia

    Conference Foreword The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and papers from within Australia and internationally. All submitted papers were subject to a double blind peer review process. Twenty two papers were submitted from Australia and overseas, of which eighteen were accepted for final presentation and publication. We wish to thank the reviewers for kindly volunteering their time and expertise in support of this event. We would also like to thank the conference committee who have organised yet another successful congress. Events such as this are impossible without the tireless efforts of such people in reviewing and editing the conference papers, and assisting with the planning, organisation and execution of the conference. To our sponsors, also a vote of thanks for both the financial and moral support provided to the conference. Finally, thank you to the administrative and technical staff, and students of the ECU Security Research Institute for their contributions to the running of the conference

    Pathways to Online Hate: Behavioural, Technical, Economic, Legal, Political & Ethical Analysis.

    The Alfred Landecker Foundation seeks to create a safer digital space for all. The work of the Foundation helps to develop research, convene stakeholders to share valuable insights, and support entities that combat online harms, specifically online hate, extremism, and disinformation. Overall, the Foundation seeks to reduce hate and harm tangibly and measurably in the digital space by using its resources in the most impactful way. It also aims to assist in building an ecosystem that can prevent, minimise, and mitigate online harms while at the same time preserving open societies and healthy democracies. A non-exhaustive literature review was undertaken to explore the main facets of harm and hate speech in the evolving online landscape and to analyse behavioural, technical, economic, legal, political and ethical drivers; key findings are detailed in this report

    The impact of the online marketplace on fraud: Evidence from Craigslist from its early adoption in 1995 to its wider expansion in 2006.

    Doctor of Philosophy. Department Not Listed. Martin Seay. This research aims to assess the influence of Craigslist’s presence and adoption on fraud arrests within metropolitan statistical areas (MSAs) where it was introduced compared to areas where it was not available. Utilizing the consumer vulnerability framework (Hill & Sharma, 2020), the study used diverse data sources, including Craigslist entry data, the Uniform Crime Reporting (UCR) dataset, and the US Census Bureau Current Population Survey (CPS) data from 1995-2006. Employing differences-in-differences (DID) models, this study's primary findings indicate a reduction in fraud arrests, ranging from 11% to 23% following the introduction of Craigslist. This might appear counterintuitive considering online platforms are sometimes fraud hotspots. However, explanations range from Craigslist’s peer-to-peer transaction format, the existence of a digital trail, platform and community-generated scam education, and an inherent self-policing mechanism where suspicious ads are flagged, reviewed, and removed. While minor frauds may persist and potentially go unreported, Craigslist’s enduring popularity (Oravec, 2014) subjects listings to vast public scrutiny, making large-scale frauds challenging. In collaboration with U.S. law enforcement, Craigslist has introduced safety measures such as posting limitations that deter unsafe activities (Freese, 2011). On the Craigslist website, there is a section that talks about how to avoid scams on the platform (Craigslist, 2023a). Potential extrinsic factors influencing fraud arrests are numerous. Craigslist’s marketplace vitality might present genuine income avenues, reducing fraud incentives. As users become adept at recognizing scams, successful frauds could decline. Additionally, as online platforms become integral in regional economies, law enforcement could foster refined online fraud identification and prosecution tools generating a deterrent effect. Practical implications are discussed and suggestions for future research are provided

    The criminal exploitation of ambiguity : a multi-level analysis of fraudulent telemarketers

    During the past century there have been significant changes in the economic and social structure that have resulted in new forms of criminal opportunities. Fraudulent telemarketers are among those that have seized such opportunities to defraud consumers out of billions of dollars annually. The purpose of this dissertation is to determine the decision-making process of criminal telemarketers and the means by which they commit fraud. Data analysis draws from semi-structured interviews with 48 subjects who have been convicted under federal law. First, the organization, management, and accountability structure of criminal telemarketing enterprises are examined. Next, the interaction process between fraudsters and victims is explored from a social-psychological perspective. The subjects' backgrounds and criminal careers and the lure of criminal telemarketing and the lifestyles it affords are then provided. Finally, the thought processes of fraudulent telemarketers are analyzed in the context of denial of crime, techniques of neutralization, and organizational design, before a rational choice perspective is applied. The author concludes that fraudulent telemarketers embrace the cultural goal of capital accumulation, exploit ambiguity in the law, design diffuse accountability structures in their organization to avoid criminal responsibility, and ultimately ascend to the status of marginalized middle-class persons