The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Phishing Exposed
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Cantina: a content-based approach to detecting phishing web sites
Proceedings of the 16th international conference on World Wide Web
Learning to detect phishing emails
Proceedings of the 16th international conference on World Wide Web
Communications of the ACM
Evaluating the Wisdom of Crowds in Assessing Phishing Websites
Financial Cryptography and Data Security
Exploitable redirects on the web: identification, prevalence, and defense
WOOT'08 Proceedings of the 2nd conference on USENIX Workshop on offensive technologies
Detecting spammers and content promoters in online video social networks
Proceedings of the 32nd international ACM SIGIR conference on Research and development in information retrieval
Phishguru: a system for educating users about semantic attacks
Phishguru: a system for educating users about semantic attacks
Teaching Johnny not to fall for phish
ACM Transactions on Internet Technology (TOIT)
What is Twitter, a social network or a news media?
Proceedings of the 19th international conference on World wide web
Phishnet: predictive blacklisting to detect phishing attacks
INFOCOM'10 Proceedings of the 29th conference on Information communications
Uncovering social spammers: social honeypots + machine learning
Proceedings of the 33rd international ACM SIGIR conference on Research and development in information retrieval
@spam: the underground on 140 characters or less
Proceedings of the 17th ACM conference on Computer and communications security
Detecting and characterizing social spam campaigns
IMC '10 Proceedings of the 10th ACM SIGCOMM conference on Internet measurement
Who is tweeting on Twitter: human, bot, or cyborg?
Proceedings of the 26th Annual Computer Security Applications Conference
Information credibility on twitter
Proceedings of the 20th international conference on World wide web
Proceedings of the 20th international conference on World wide web
Detecting and analyzing automated activity on twitter
PAM'11 Proceedings of the 12th international conference on Passive and active measurement
Design and Evaluation of a Real-Time URL Spam Filtering Service
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Phoolproof phishing prevention
FC'06 Proceedings of the 10th international conference on Financial Cryptography and Data Security
SMSAssassin: crowdsourcing driven mobile-based system for SMS spam filtering
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
On word-of-mouth based discovery of the web
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
Credibility ranking of tweets during high impact events
Proceedings of the 1st Workshop on Privacy and Security in Online Social Media
Short links under attack: geographical analysis of spam in a URL shortener network
Proceedings of the 23rd ACM conference on Hypertext and social media
Faking Sandy: characterizing and identifying fake images on Twitter during Hurricane Sandy
Proceedings of the 22nd international conference on World Wide Web companion
Two years of short URLs internet measurement: security threats and countermeasures
Proceedings of the 22nd international conference on World Wide Web
Stranger danger: exploring the ecosystem of ad-based URL shortening services
Proceedings of the 23rd international conference on World wide web
| Hi-index | 0.01 |
Size, accessibility, and rate of growth of Online Social Media (OSM) has attracted cyber crimes through them. One form of cyber crime that has been increasing steadily is phishing, where the goal (for the phishers) is to steal personal information from users which can be used for fraudulent purposes. Although the research community and industry has been developing techniques to identify phishing attacks through emails and instant messaging (IM), there is very little research done, that provides a deeper understanding of phishing in online social media. Due to constraints of limited text space in social systems like Twitter, phishers have begun to use URL shortener services. In this study, we provide an overview of phishing attacks for this new scenario. One of our main conclusions is that phishers are using URL shorteners not only for reducing space but also to hide their identity. We observe that social media websites like Facebook, Habbo, Orkut are competing with e-commerce services like PayPal, eBay in terms of traffic and focus of phishers. Orkut, Habbo, and Facebook are amongst the top 5 brands targeted by phishers. We study the referrals from Twitter to understand the evolving phishing strategy. A staggering 89% of references from Twitter (users) are inorganic accounts which are sparsely connected amongst themselves, but have large number of followers and followees. We observe that most of the phishing tweets spread by extensive use of attractive words and multiple hashtags. To the best of our knowledge, this is the first study to connect the phishing landscape using blacklisted phishing URLs from PhishTank, URL statistics from bit.ly and cues from Twitter to track the impact of phishing in online social media.