inside the scam jungle
play

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations - PowerPoint PPT Presentation

May 28, 2023 •436 likes •804 views

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti Nigerian Scam Trap 2 Nigerian Scam Trap 3 Spam vs. 419 Scam 419 SCAM SPAM

  1. Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti

  2. Nigerian Scam Trap 2

  3. Nigerian Scam Trap 3

  4. Spam vs. 419 Scam 419 SCAM SPAM Low-volume High-volume ― ― Hide behind webmail accounts Highly dynamic infrastructure ― ― Manual sending Automated sending ― ― Trap with social engineering Trap victims through engineering ― ― techniques effort Contact with victims via emails Contact with victims over URLs ― ― and/or phone numbers 4

  5. Why we study campaigns ― The goal: – identify and characterize 419 scam campaigns – find predictive scam email features ― Our assumptions: – Scam is likely sent in campaigns, like Spam – Emails and phone numbers are personal scammer assets (Costin et al., PST'13) => linking features 5

  6. Outline ― Dataset ― Methodology ― Experimental results ― Conclusions 6

  7. Dataset 7

  8. Dataset ― Public data from 419scam.org ― From January 2009 till August 2012 ― 36,761 scam messages ― 12 countries (Europe, Africa and Asia) ― 34,723 unique email addresses ― 11,738 unique phone numbers 8

  9. Scam origins by phone numbers 9

  10. Scam origins by phone numbers Nigeria – 30% Benin – 14% South Africa – 5% 10

  11. Scam origins by phone numbers UK Nigeria – 30% Personal Numbering Services (PNS) Benin – 14% South Africa – 5% 11

  12. Scam origins by phone numbers UK Nigeria – 30% Personal Numbering Services (PNS) Benin – 14% Spain – 4% Netherlands – 3% South Africa – 5% 12

  13. Data categories 13

  14. Methodology 14

  15. TRIAGE ― Security data mining framework (Thonnard et al. at RAID'10, CEAS'11, RAID'12) ― Multi-dimentional clustering ― Links common elements together forming clusters/campaigns 15

  16. TRIAGE, part 2 16

  17. Experimental results 17

  18. Campaigns 1,040 campaigns identified, with at least 5 messages each ― Top 250 campaigns on average: ― – Long and scarce: last for one year and have only 28 active days – Small (38 emails): keep low-volume , could be unorganized – Use 2 phone numbers – Use 6 Reply-To email addresses – Use 14 From email addresses 18

  19. Re-use of emails and phones 19

  20. Re-use of emails and phones Being re-used on average 2,5 months Being re-used on average 6 months 20

  21. Examples 21

  22. 22

  23. Main traits: Single phone number Two campaign topics Long lived 83 emails 23

  24. Fake lottery 1 year 24

  25. “Eskom generates approximately 95% of the electricity used in South Africa and approximately 45% of the electricity used in Africa.”, - Escom

  26. Different topics over time Main traits: Topics change Monthly package of emails Single phone number 58 emails

  27. Different topics over time Main traits: Topics change December January Monthly package of emails Single phone number 58 emails November February March

  28. iPhone campaign Main traits: One topic Two phone numbers Big re-used email package 190 emails

  29. Macro-clusters ― Link strongly connected clusters into loosely connected ― Linked through emails and/or phone numbers ― 62 macro-clusters, 195 inter-connected clusters 29

  30. Top macro-clusters ― Some are organized groups operating on international scale ― Fake lottery scam is primarily run by scammers located in Europe that are connected with African scammer groups 30

  31. Clusters by countries ― Majority of unclustered data present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets 31

  32. Clusters by countries Unclustered: ― Majority of unclustered data stealthy or isolated scammers present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets 32

  33. Clusters by countries Unclustered: ― Majority of unclustered data stealthy or isolated scammers present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets Organized 33

  35. Conclusions Emails and phone numbers play a crucial role in Nigerian email scam – Campaigns are long and scarce – Scammers hide behind webmail and forwarded phones – Scam campaigns differ in their infrastructure, orchestration and modus operandi – Different scammers probably compete for trendy topics, thus changing topics over time 35

  36. 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their money. Other names for a scam include fraud, hoax, con, swindle, cheat. Each year millions of people in the UK fall prey to scammers.

729 views • 14 slides
What is Jungle Beat? Remember when kids were kids and

What is Jungle Beat? Remember when kids were kids and

What is Jungle Beat? Remember when kids were kids and playing meant grass burns, bare feet and muddy faces? Jungle Beat is a fun,

722 views • 39 slides
Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth

Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth

Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth <thuth@redhat.com> Legal Disclaimer: Opinions are my own and not necessarily the views of my employer Jungle Leaves background license: CC BY 3.0 US

492 views • 28 slides
Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer

Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer

Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer #scamaware Scams Awareness Fortnight 15 - 28 June 2020 A scam is a scheme to con people out of their money. 7 out of 10 people have been

378 views • 14 slides
Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo,

Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo,

Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo, CPA to the Rotary Club of Bridgeport January 21, 2020 A Few Caveats I will be moving very quickly through this material The

470 views • 32 slides
(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer

(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer

(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer Systems Group Department of Computer Science VU University, Amsterdam, The Netherlands Jungle Computing (ComplexHPC) Worst case computing as

522 views • 24 slides
The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht

The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht

The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht Leiden Observation of the early universe (WMAP) Abel1689 Stephen's quintuplet The universe is multi-physics The universe is multi-scale Jungle

578 views • 44 slides
Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe

Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe

Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe Humanod animals Original Concept Original Concept Interest The Jungle Book: part of the popular culture Offer an accessible and effective game

493 views • 30 slides
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Googles protection Threats Risks Survival Network Data protection (encryption) App/device

888 views • 45 slides
Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM

Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM

Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM Case Study: Mrs P Vitamin scam Nuisance calls RBWM Case Study: Mr J Nuisance Calls Day Centre Domestic support Neighbours Family Carers

268 views • 9 slides
A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16,

A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16,

A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16, EMSE (under reviewed) 1 Photo: https://c1.staticflickr.com/1/316/31831180223_38db905f28_c.jpg When source code is copied and modified, which

526 views • 30 slides
ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC

ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC

ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC SCAM AMBIA C A COUNTY Escambia County Proposed Budget Fiscal Year 2020-21 TOTAL BUDGET $ in Thousands 600,000 537,009 436,582 455,840 477,164

1.2k views • 75 slides
Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to

Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to

Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to Ask Tamara Weaver Deputy Attorney General Consumer Protection Division Office of Attorney General Curtis Hill 317-234-7122

768 views • 39 slides
awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware

awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware

Ar Are yo e you u sc scam am awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware re Scams Awareness Fortnight 15 - 28 June 2020 A sc A scam m is is a sc sche heme me to to con n pe

398 views • 17 slides
IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

7 th Grade Novels IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One Crazy Summer by Rita Williams Garcia Inside Out and Back Again by Thanhha Lai Inside Out and Back Again- Student Response Inside

577 views • 23 slides
D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure

D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure

D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure Maria Konte, N Nick Feamster Georgi a Tech Jaeyeo on Jung Intel Re esearch Online Scams Online Scams Often advertised in spam p m

450 views • 17 slides
LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic

Outline Launching of t he LHC Logging proj ect Mandat e, scope and obj ect ives LHC LOGGING Timeline of t he proj ect , resources Cont ext : where does logging f it in? Basic f unct ionalit ies Filt ering of dat a I nt erf acing t o ot

667 views • 3 slides
A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda

A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda

A First Look at Traffic on Smartphones by Falaki et al. Andrew Zafft CS Department Agenda Objective Study Structure Outcomes & Observations Future Work / Citations Conclusions 2 Worcester Polytechnic Institute

581 views • 21 slides
FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO

FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO

FLEET COMMANDER THE EFFICIENT WAY OF MANAGING THE DESKTOP PROFILES OF YOUR FLEET! FABIANO FIDNCIO OLIVER GUTIRREZ WHAT IS A DESKTOP PROFILE? A GROUP OF DESKTOP RELATED SETTINGS ASSOCIATED TO A USER, GROUP, HOST OR HOSTGROUP WHAT IS FLEET

816 views • 14 slides
Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University

Network Security Fundamentals Security Training Course Dr. Charles J. Antonelli The University of Michigan 2013 Network Security Fundamentals Introduction Introduction Welcome to the course! Instructor: Dr. Charles J. Antonelli

209 views • 10 slides
Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data

Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data

The Devil Is In The Detail Adam Daniel Ruxcon 2014 Introduction Who Am I Stared working in Data Recovery and Data Conversion in 1992 with Doctor Disk. Begun working in Computer Forensics in 1998 with Forensic Data Services.

378 views • 17 slides
HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014

HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014

HTML Email In Drupal The Easy Way! Dennis Jarecke Drupal Camp Ohio November 15, 2014 Demonstration Module hook_menu calls PHP function which populates parameters and calls drupal_mail() . This is a great way to test email in dev or even in

319 views • 12 slides
Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU)

Learning to Detect Phishing Emails Ian Fette Norman Sadeh Anthony Tomasic (School of CS, CMU) Presented by: Ashique Mahmood Dept of Computer & Information Sciences University of Delaware CI SC 879 - Machine Learning for Solving Systems

1.22k views • 22 slides
CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based

CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based

CPSC 481 Tutorial 4 Intro to Visual Studio and C# Brennan Jones bdgjones@ucalgary.ca (based on previous tutorials by Alice Thudt, Fateme Rajabiyazdi, and David Ledo) Announcements I emailed you an example showing how the evolved

341 views • 31 slides

More recommend