Phi.sh/$oCiaL: The Phishing Landscape through Short URLs

Sidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru†. *Delhi College of Engineering, †IIIT-Delhi, ‡Federal University of Ouro Preto.


Presentation Transcript


  1. Phi.sh/$oCiaL: The Phishing Landscape through Short URLs. Sidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru† (*Delhi College of Engineering, †IIIT-Delhi, ‡Federal University of Ouro Preto)

  2. Motivation

  3. Phishing via Short URLs

  4. Most popular - June 2010 - January 2011*
     • Most abused URL shortener
     • 23.48% of short URL services
     * http://techblog.avira.com/en/

  5. Research Aim

  6. Analysis of Phishing Tweets containing Bitly
     • How is Bitly used by phishers?
     • Who is targeted?
     • Which locations are affected?

  7. System Architecture

  8. [System architecture diagram; labels: Data Collection, Filtering, Lookup API, Phishing URLs, Short URLs, Analysis, Brand Analysis, Temporal Analysis, Referral Analysis, Geographical Analysis]

  9. Dataset: 1 January - 31 December, 2010

  10. Dataset
     • 990 public Twitter users who posted phish tweets
     • 864 user accounts present at the time of analysis
     • 2000 past tweets for each of 516 users

  11. Results

  12. Space gain is the fraction of space saved by using bit.ly
     • For 50% of URLs, space gain < 37%

  13. Social Network Websites targeted

  14. Phish activity is majorly automated
     • 516 Twitter users: 213 inorganic, 303 organic
     • 303 organic: 153 compromised, 150 legitimate

  15. Sparse Network, High Reciprocity

  16. Brazil is most targeted, followed by US and Canada
     • Country was determined by using the Bit.ly statistics

  17. Limitations

  18. Reliance on PhishTank
     • 90% URLs offline when voted
     • Small number of active voters

  19. Conclusion

  20. • URL shorteners used to hide identity
     • Change in landscape of phishing - OSNs target
     • Phishing activity is automated
     • Lack of phishing communities
     • Brazil had highest phish URL clickthrough

  21. Future Work

  22. • Analyze the use of URL shorteners like goo.gl, tinyurl, etc.
     • Develop an algorithm to detect phishing on Twitter

  23. Thank You! http://precog.iiitd.edu.in
