inside the scam jungle
play

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations - PowerPoint PPT Presentation

May 28, 2023 •436 likes •804 views

Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti Nigerian Scam Trap 2 Nigerian Scam Trap 3 Spam vs. 419 Scam 419 SCAM SPAM

  1. Inside the SCAM Jungle: A Closer Look at 419 Scam Email Operations Jelena Isacenkova Olivier Thonard Andrei Costin Aurelien Francillon Davide Balzarotti

  2. Nigerian Scam Trap 2

  3. Nigerian Scam Trap 3

  4. Spam vs. 419 Scam 419 SCAM SPAM Low-volume High-volume ― ― Hide behind webmail accounts Highly dynamic infrastructure ― ― Manual sending Automated sending ― ― Trap with social engineering Trap victims through engineering ― ― techniques effort Contact with victims via emails Contact with victims over URLs ― ― and/or phone numbers 4

  5. Why we study campaigns ― The goal: – identify and characterize 419 scam campaigns – find predictive scam email features ― Our assumptions: – Scam is likely sent in campaigns, like Spam – Emails and phone numbers are personal scammer assets (Costin et al., PST'13) => linking features 5

  6. Outline ― Dataset ― Methodology ― Experimental results ― Conclusions 6

  7. Dataset 7

  8. Dataset ― Public data from 419scam.org ― From January 2009 till August 2012 ― 36,761 scam messages ― 12 countries (Europe, Africa and Asia) ― 34,723 unique email addresses ― 11,738 unique phone numbers 8

  9. Scam origins by phone numbers 9

  10. Scam origins by phone numbers Nigeria – 30% Benin – 14% South Africa – 5% 10

  11. Scam origins by phone numbers UK Nigeria – 30% Personal Numbering Services (PNS) Benin – 14% South Africa – 5% 11

  12. Scam origins by phone numbers UK Nigeria – 30% Personal Numbering Services (PNS) Benin – 14% Spain – 4% Netherlands – 3% South Africa – 5% 12

  13. Data categories 13

  14. Methodology 14

  15. TRIAGE ― Security data mining framework (Thonnard et al. at RAID'10, CEAS'11, RAID'12) ― Multi-dimentional clustering ― Links common elements together forming clusters/campaigns 15

  16. TRIAGE, part 2 16

  17. Experimental results 17

  18. Campaigns 1,040 campaigns identified, with at least 5 messages each ― Top 250 campaigns on average: ― – Long and scarce: last for one year and have only 28 active days – Small (38 emails): keep low-volume , could be unorganized – Use 2 phone numbers – Use 6 Reply-To email addresses – Use 14 From email addresses 18

  19. Re-use of emails and phones 19

  20. Re-use of emails and phones Being re-used on average 2,5 months Being re-used on average 6 months 20

  21. Examples 21

  22. 22

  23. Main traits: Single phone number Two campaign topics Long lived 83 emails 23

  24. Fake lottery 1 year 24

  25. “Eskom generates approximately 95% of the electricity used in South Africa and approximately 45% of the electricity used in Africa.”, - Escom

  26. Different topics over time Main traits: Topics change Monthly package of emails Single phone number 58 emails

  27. Different topics over time Main traits: Topics change December January Monthly package of emails Single phone number 58 emails November February March

  28. iPhone campaign Main traits: One topic Two phone numbers Big re-used email package 190 emails

  29. Macro-clusters ― Link strongly connected clusters into loosely connected ― Linked through emails and/or phone numbers ― 62 macro-clusters, 195 inter-connected clusters 29

  30. Top macro-clusters ― Some are organized groups operating on international scale ― Fake lottery scam is primarily run by scammers located in Europe that are connected with African scammer groups 30

  31. Clusters by countries ― Majority of unclustered data present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets 31

  32. Clusters by countries Unclustered: ― Majority of unclustered data stealthy or isolated scammers present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets 32

  33. Clusters by countries Unclustered: ― Majority of unclustered data stealthy or isolated scammers present isolated African actors => unorganized ― Macro-clusters cover African and many European actors => bigger organized groups covering Western markets Organized 33

  35. Conclusions Emails and phone numbers play a crucial role in Nigerian email scam – Campaigns are long and scarce – Scammers hide behind webmail and forwarded phones – Scam campaigns differ in their infrastructure, orchestration and modus operandi – Different scammers probably compete for trendy topics, thus changing topics over time 35

  36. 36

Recommend

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their

Scams Awareness Month July 2016 Did you know? A scam is a scheme to con people out of their money. Other names for a scam include fraud, hoax, con, swindle, cheat. Each year millions of people in the UK fall prey to scammers.

729 views • 14 slides
What is Jungle Beat? Remember when kids were kids and

What is Jungle Beat? Remember when kids were kids and

What is Jungle Beat? Remember when kids were kids and playing meant grass burns, bare feet and muddy faces? Jungle Beat is a fun,

722 views • 39 slides
Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth

Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth

Finding your way through the QEMU parameter jungle 2018-02-04 Thomas Huth <thuth@redhat.com> Legal Disclaimer: Opinions are my own and not necessarily the views of my employer Jungle Leaves background license: CC BY 3.0 US

492 views • 28 slides
Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer

Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer

Are you scam aware? Citizens Advice Cornwall Wailim Wong - Campaigns and Communications Officer #scamaware Scams Awareness Fortnight 15 - 28 June 2020 A scam is a scheme to con people out of their money. 7 out of 10 people have been

378 views • 14 slides
Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo,

Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo,

Scam Alert ! What to Look For and How to Protect Yourself A Presentation by Christopher Gallo, CPA to the Rotary Club of Bridgeport January 21, 2020 A Few Caveats I will be moving very quickly through this material The

470 views • 32 slides
(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer

(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer

(Towards) Jungle Computing with Ibis Frank J. Seinstra, Jason Maassen, Niels Drost Computer Systems Group Department of Computer Science VU University, Amsterdam, The Netherlands Jungle Computing (ComplexHPC) Worst case computing as

522 views • 24 slides
The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht

The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht

The Jungle Universe About scales and physics in the cosmos Simon Portegies Zwart Sterrewacht Leiden Observation of the early universe (WMAP) Abel1689 Stephen's quintuplet The universe is multi-physics The universe is multi-scale Jungle

578 views • 44 slides
Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe

Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe

Original Concept Anne Quenton Reinterpretation of the Jungle Book Post-apocalyptic universe Humanod animals Original Concept Original Concept Interest The Jungle Book: part of the popular culture Offer an accessible and effective game

493 views • 30 slides
The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab

The Android security jungle: pitfalls, threats and survival tips Scott Alexander-Bown @scottyab The Jungle Ecosystem Googles protection Threats Risks Survival Network Data protection (encryption) App/device

888 views • 45 slides
Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM

Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM

Scam mail prize draws, lotteries and clairvoyants RBWM Case Study: Mr C Mail Scams RBWM Case Study: Mrs P Vitamin scam Nuisance calls RBWM Case Study: Mr J Nuisance Calls Day Centre Domestic support Neighbours Family Carers

268 views • 9 slides
A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16,

A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16,

A Comparison of Code Similarity Analyzers C. Ragkhitwetsagul, J. Krinke, D. Clark SCAM 16, EMSE (under reviewed) 1 Photo: https://c1.staticflickr.com/1/316/31831180223_38db905f28_c.jpg When source code is copied and modified, which

526 views • 30 slides
ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC

ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC

ESC SCAM AMBIA C A COUNTY ESCAMBIA COUNTY, FLORIDA 2020-21 PROPOSED BUDGET July 14 15 ESC SCAM AMBIA C A COUNTY Escambia County Proposed Budget Fiscal Year 2020-21 TOTAL BUDGET $ in Thousands 600,000 537,009 436,582 455,840 477,164

1.2k views • 75 slides
Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to

Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to

Everything You Ever Wanted to Know about Consumer Protection and Scam Prevention but Were Afraid to Ask Tamara Weaver Deputy Attorney General Consumer Protection Division Office of Attorney General Curtis Hill 317-234-7122

768 views • 39 slides
awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware

awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware

Ar Are yo e you u sc scam am awa aware re? Citizens Advice Bournemouth, Christchurch & Poole Tom Lund #scamawa aware re Scams Awareness Fortnight 15 - 28 June 2020 A sc A scam m is is a sc sche heme me to to con n pe

398 views • 17 slides
IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One

7 th Grade Novels IMC Presentation Recommendation Adopt Inside Out and Back Again by Thanhha Lai Adopt One Crazy Summer by Rita Williams Garcia Inside Out and Back Again by Thanhha Lai Inside Out and Back Again- Student Response Inside

577 views • 23 slides
D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure

D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure

D Dynamics of i f O li Online Scam S Hosting Infr Hosting Infr rastructure rastructure Maria Konte, N Nick Feamster Georgi a Tech Jaeyeo on Jung Intel Re esearch Online Scams Online Scams Often advertised in spam p m

450 views • 17 slides
social media apps of concern As we make our way through the jungle of applications (apps)

social media apps of concern As we make our way through the jungle of applications (apps)

social media apps of concern As we make our way through the jungle of applications (apps) available on the various markets, there are some that have risen to the top in regards to inappropriate behavior and dangerous activity for children, teens,

614 views • 6 slides
The Assessment of Fit in the Class of Logistic Regression Models: A Pathway out of the Jungle of

The Assessment of Fit in the Class of Logistic Regression Models: A Pathway out of the Jungle of

The Assessment of Fit in the Class of Logistic Regression Models: A Pathway out of the Jungle of Pseudo-Rs Using Stata Meeting of the German Stata User Group at GESIS in Cologne, June 10th, 2016 Models are to be used, but not to be

413 views • 23 slides
Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a

9/3/19 DCS/CSCI 2350: Social & Economic Networks Graphs Reading: Ch 2 (Easley-Kleinberg) Mohammad T . Irfan Email: mirfan@bowdoin.edu Graphs "Graph theory is a terminological jungle, in which any newcomer may plant a tree."

518 views • 8 slides
Scam Prevention Dutchess County Office for the Aging Marcus J. Molinaro, County Executive Todd

Scam Prevention Dutchess County Office for the Aging Marcus J. Molinaro, County Executive Todd

Scam Prevention Dutchess County Office for the Aging Marcus J. Molinaro, County Executive Todd N. Tancredi, Director Scams have been around since... ...even in Dutchess County. Traveling medicine show, downtown Rhinebeck, late 19 th century

663 views • 30 slides
PRESENTATION OUTLINE: Adaptation of a parallel Random Jungle (RJ) algorithm empowered by Coarse

PRESENTATION OUTLINE: Adaptation of a parallel Random Jungle (RJ) algorithm empowered by Coarse

PRESENTATION OUTLINE: Adaptation of a parallel Random Jungle (RJ) algorithm empowered by Coarse Grain Parallel computing for Cloud environment for Genome-Wide Association Studies(GWAS). Maria Pospelova School of Computer Science Carleton

684 views • 3 slides
From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson

From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson

From Data to Effects Dependence Graphs: Source-to-Source Transformations for C SCAM 2016 Nelson Lossing Pierre Guillou Franois Irigoin firstname.lastname@mines-paristech.fr MINES ParisTech, PSL Research University October 3, 2016 -

421 views • 28 slides
Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br

Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P . C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ October 2005 FIRST

443 views • 25 slides
(Towards) Programming Models for Jungle Computing Jason Maassen Computer Systems Group

(Towards) Programming Models for Jungle Computing Jason Maassen Computer Systems Group

(Towards) Programming Models for Jungle Computing Jason Maassen Computer Systems Group Department of Computer Science VU University, Amsterdam, The Netherlands Requirements (revisited) Resource independence Transparent / easy

679 views • 22 slides

More recommend