Renushka Madarie,Christianne de Poot,Marleen Weulen Kranenbarg

DOI: https://doi.org/10.3389/fdata.2023.1320569

2023-12-22

Frontiers in Big Data

Abstract:Introduction Few studies have examined the sales of stolen account credentials on darkweb markets. In this study, we tested how advertisement characteristics affect the popularity of illicit online advertisements offering account credentials. Unlike previous criminological research, we take a novel approach by assessing the applicability of knowledge on regular consumer behaviours instead of theories explaining offender behaviour. Methods We scraped 1,565 unique advertisements offering credentials on a darkweb market. We used this panel data set to predict the simultaneous effects of the asking price, endorsement cues and title elements on advertisement popularity by estimating several hybrid panel data models. Results Most of our findings disconfirm our hypotheses. Asking price did not affect advertisement popularity. Endorsement cues, including vendor reputation and cumulative sales and views, had mixed and negative relationships, respectively, with advertisement popularity. Discussion Our results might suggest that account credentials are not simply regular products, but high-risk commodities that, paradoxically, become less attractive as they gain popularity. This study highlights the necessity of a deeper understanding of illicit online market dynamics to improve theories on illicit consumer behaviours and assist cybersecurity experts in disrupting criminal business models more effectively. We propose several avenues for future experimental research to gain further insights into these illicit processes.

Masarah Paquet-Clouston,Serge-Olivier Paquette,Sebastián García,María José Erquiaga

DOI: https://doi.org/10.1093/cybsec/tyac010

2022-02-03

Abstract:Many activities related to cybercrime operations do not require much secrecy, such as developing websites or translating texts. This research provides indications that many users of a popular public internet marketing forum have connections to cybercrime. It does so by investigating the involvement in cybercrime of a population of users interested in internet marketing, both at a micro and macro scale. The research starts with a case study of three users confirmed to be involved in cybercrime and their use of the public forum where users share information about online advertising. It provides a first glimpse that some business with cybercrime connection is being conducted in the clear. The study then pans out to investigate the forum population's ties with cybercrime by finding crossover users, who are users from the public forum who also comment on cybercrime forums. The cybercrime forums on which they discuss are analyzed and crossover users' strength of participation is reported. Also, to assess if they represent a sub-group of the forum population, their posting behavior on the public forum is compared with that of non-crossover users. This blend of analyses shows that (i) a minimum of 7.2% of the public forum population are crossover users that have ties with cybercrime forums; (ii) their participation in cybercrime forums is limited; and (iii) their posting behavior is relatively indistinguishable from that of non-crossover users. This is the first study to formally quantify how users of an internet marketing public forum, a space for informal exchanges, have ties to cybercrime activities. We conclude that crossover users are a substantial part of the population in the public forum, and, even though they have thus far been overlooked, their aggregated effect in the ecosystem must be considered.

Computers and Society,Cryptography and Security

Marshall S. Rich

DOI: https://doi.org/10.3390/analytics2030035

2023-08-11

Analytics

Abstract:The rapid proliferation of cyberthreats necessitates a robust understanding of their evolution and associated tactics, as found in this study. A longitudinal analysis of these threats was conducted, utilizing a six-year data set obtained from a deception network, which emphasized its significance in the study’s primary aim: the exhaustive exploration of the tactics and strategies utilized by cybercriminals and how these tactics and techniques evolved in sophistication and target specificity over time. Different cyberattack instances were dissected and interpreted, with the patterns behind target selection shown. The focus was on unveiling patterns behind target selection and highlighting recurring techniques and emerging trends. The study’s methodological design incorporated data preprocessing, exploratory data analysis, clustering and anomaly detection, temporal analysis, and cross-referencing. The validation process underscored the reliability and robustness of the findings, providing evidence of increasingly sophisticated, targeted cyberattacks. The work identified three distinct network traffic behavior clusters and temporal attack patterns. A validated scoring mechanism provided a benchmark for network anomalies, applicable for predictive analysis and facilitating comparative study of network behaviors. This benchmarking aids organizations in proactively identifying and responding to potential threats. The study significantly contributed to the cybersecurity discourse, offering insights that could guide the development of more effective defense strategies. The need for further investigation into the nature of detected anomalies was acknowledged, advocating for continuous research and proactive defense strategies in the face of the constantly evolving landscape of cyberthreats.

Michael L. Chohaney,Kimberly A. Panozzo

DOI: https://doi.org/10.1111/gere.12225

2018-01-01

Geographical Review

Abstract:Ashley Madison(.com) has earned several million dollars facilitating extramarital affairs online; however, the market determinants of online infidelity matchmaking have not been researched. The now‐infamous customer data breach in 2015 provided a unique opportunity to analyze a large population of individuals (N=702,309) who paid to engage in extramarital affairs using Ashley Madison. Aggregating this sensitive data into spatial units, we measured the relationship between several theorized market determinants and Ashley Madison subscription and spending rates in major United States markets. We found income is the leading market determinant for internet‐facilitated infidelity, indicating the service behaves as a luxury good; further, several characteristics related to infidelity at the individual‐level were also significant, including the negative relationship between religiosity and infidelity. Strong regression model performance suggests these results are robust insights into the market for online infidelity‐matchmaking.

geography

Michael R. Ward,Yu-Ching Chen

DOI: https://doi.org/10.48550/arXiv.cs/0109053

2001-09-24

Computers and Society

Abstract:Consumers value keeping some information about them private from potential marketers. E-commerce dramatically increases the potential for marketers to accumulate otherwise private information about potential customers. Online marketers claim that this information enables them to better market their products. Policy makers are currently drafting rules to regulate the way in which these marketers can collect, store, and share this information. However, there is little evidence yet either of consumers' valuation of their privacy or of the benefits they might reap through better target marketing. We provide a framework for measuring a portion of the benefits from allowing marketers to make better use of consumer information. Target marketing is likely to reduce consumer search costs, improve consumer product selection decisions, and lower the marketing costs of goods sold. Our model allows us to estimate the value to consumers of only the latter, price reductions from more efficient marketing.

Michael Trusov,Liye Ma,Zainab Jamal

DOI: https://doi.org/10.1287/mksc.2015.0956

2016-05-01

Marketing Science

Abstract:User profile is a summary of a consumer’s interests and preferences revealed through the consumer’s online activity. It is a fundamental component of numerous applications in digital marketing. McKinsey & Company view online user profiling as one of the promising opportunities companies should take advantage of to unlock “big data’s” potential. This paper proposes a modeling approach that uncovers individual user profiles from online surfing data and allows online businesses to make profile predictions when limited information is available. The approach is easily parallelized and scales well for processing massive records of user online activity. We demonstrate application of our approach to customer-base analysis and display advertising. Our empirical analysis uncovers easy-to-interpret behavior profiles and describes the distribution of such profiles. Furthermore, it reveals that even for information-rich online firms profile inference that is based solely on their internal data may produce biased results. We find that although search engines cover smaller portions of consumer Web visits than major advertising networks, their data is of higher quality. Thus, even with the smaller information set, search engines can effectively recover consumer behavioral profiles. We also show that temporal limitations imposed on individual-level tracking abilities are likely to have a differential impact across major online businesses, and that our approach is particularly effective for temporally limited data. Using economic simulation we demonstrate potential gains the proposed model may offer a firm if used in individual-level targeting of display ads. Data, as supplemental material, are available at http://dx.doi.org/10.1287/mksc.2015.0956 .

business

L. M. J. Bekkers,A. Moneva,E. R. Leukfeldt

DOI: https://doi.org/10.1007/s11292-022-09537-7

2022-11-05

Journal of Experimental Criminology

Abstract:Examine the level of engagement of young users with money mule recruitment ads on Instagram. Three ads reflecting key cybercrime involvement mechanisms and targeting Dutch user clusters were run on two Instagram placements. By means of this quasi-experimental 3 × 2 factorial design, we were able to analyze the reach and views of the ads, click-through rates, gender of the participants, and temporal distributions of user engagement.

criminology & penology

Anargyros Chrysanthou,Yorgos Pantis,Constantinos Patsakis

2023-10-05

Abstract:In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those who were targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through the application of advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis illustrates very poor password selection choices from the victims but also persistence in the revictimisation of a significant part of the users. Finally, we reveal many correlations regarding demographics, timing, sentiment, emotion, and tone of the victims' responses.

Cryptography and Security

Sofie Goethals,Sandra Matz,Foster Provost,Yanou Ramon,David Martens

DOI: https://doi.org/10.48550/arXiv.2312.15000

2023-12-23

Abstract:Our online lives generate a wealth of behavioral records -'digital footprints'- which are stored and leveraged by technology platforms. This data can be used to create value for users by personalizing services. At the same time, however, it also poses a threat to people's privacy by offering a highly intimate window into their private traits (e.g., their personality, political ideology, sexual orientation). Prior work has proposed a potential remedy: The cloaking of users' footprints. That is, platforms could allow users to hide portions of their digital footprints from predictive algorithms to avoid undesired inferences. While such an approach has been shown to offer privacy protection in the moment, there are two open questions. First, it remains unclear how well cloaking performs over time. As people constantly leave new digital footprints, the algorithm might regain the ability to predict previously cloaked traits. Second, cloaking digital footprints to avoid one undesirable inference may degrade the performance of models for other, desirable inferences (e.g., those driving desired personalized content). In the light of these research gaps, our contributions are twofold: 1) We propose a novel cloaking strategy that conceals 'metafeatures' (automatically generated higher-level categories) and compares its effectiveness against existing cloaking approaches, and 2) we test the spill-over effects of cloaking one trait on the accuracy of inferences on other traits. A key finding is that the effectiveness of cloaking degrades over times, but the rate at which it degrades is significantly smaller when cloaking metafeatures rather than individual footprints. In addition, our findings reveal the expected trade-off between privacy and personalization: Cloaking an undesired trait also partially conceals other desirable traits.

Computers and Society

P. VELMURUGADASS

DOI: https://doi.org/10.55041/ijsrem12419

2022-05-07

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:Internet could be a major supply of spreading terrorist act through speeches and videos. Terrorist organizations use net particularly social networks to brain wash people and promote terrorist activities through provocative websites that inspire helpless individuals to affix terrorist organizations. Therefore, here we have a tendency to propose Associate in Nursing economical net data processing system to observe such net properties and flag them mechanically for human review. websites are created from hypertext mark-up language (Hypertext markup language). In numerous arrangements and have pictures, texts etc., intermixed on a single website. Here, we have a tendency to used data processing further as net mining to observe patterns and mine out matter info on websites. Here, we have a tendency to are victimization E-mail System to observe the unwanted messages that are additional prone to terrorist act and can send to the spam on to the recipient who is victimization the system. Despite the speedy increase of cyber threats, there has still been very little analysis into the foundations of the topic or methodologies that would serve to guide info systems researchers and practitioners UN agency touch upon cybersecurity. additionally, very little is thought regarding crime- as-a-service (CaaS), a criminal business model that underpins the crime underground. This analysis gap and also the sensible cybercrime issues we have a tendency to face have impelled North American nation to research the crime underground economy by taking an information analytics approach from a style science perspective. to realize this goal, we: (1) propose a data analysis framework for analyzing the crime underground; (2) propose CaaS and crimeware definitions; (3) propose Associate in Nursing associated classification model, Associate in Nursingd (4) develop an example application to demonstrate however the planned framework and classification model might be enforced in apply. We then use this application to research the crime underground economy by analyzing an oversized knowledge set obtained from the net hacking community. By taking a style science analysis approach, this paper contributes to the planning of the email phishing in the area of cybercrime and the area is to fulfill the data security to the email messages consisting the data and providing them the security using the naïve bayes to planning the International Journal of Scientific Research in Engineering and Management (IJSREM) Volume: 06 Issue: 05 | May - 2022 Impact Factor: 7.185 ISSN: 2582-3930 © 2022, IJSREM | www.ijsrem.com DOI: 10.55041/IJSREM12419 | Page 2 industries will harden attacks by the crime underground. Among these, one of the attack is the email phishing. Keywords: CAAS (Crimeware-as-a-Service), ICMP (Internet Control Message Protocol), IRC (Internet Relay Chat), MIB (Management Information Base), CVE (Common Vulnerabilities and Exposures).

Jacob Quibell

2024-05-19

Abstract:Cybercrime is estimated to cost the global economy almost \$10 trillion annually and with businesses and governments reporting an ever-increasing number of successful cyber-attacks there is a growing demand to rethink the strategy towards cyber security. The traditional, perimeter security approach to cyber defence has so far proved inadequate to combat the growing threat of cybercrime. Cyber deception offers a promising alternative by creating a dynamic defence environment. Deceptive techniques aim to mislead attackers, diverting them from critical assets whilst simultaneously gathering cyber threat intelligence on the threat actor. This article presents a proof-of-concept (POC) cyber deception system that has been developed to capture the profile of an attacker in-situ, during a simulated cyber-attack in real time. By dynamically and autonomously generating deception material based on the observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediction on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics. By dynamically and autonomously generating deception material based on observed attacker behaviour and analysing how the attacker interacts with the deception material, the system outputs a prediciton on the attacker's motive. The article also explores how this POC can be expanded to infer other features of the attacker's profile such as psychological characteristics.

Cryptography and Security

Sebastian Wachs,Anna Michelsen,Michelle F Wright,Manuel Gámez-Guadix,Carmen Almendros,Yeji Kwon,Eun-Yeong Na,Ruthaychonnee Sittichai,Ritu Singh,Ramakrishna Biswal,Anke Görzig,Takuya Yanagida

DOI: https://doi.org/10.1089/cyber.2019.0426

Abstract:Little attention has been given academically to empirically tested theoretical frameworks that aim at measuring the risk of adolescents falling victim to cybergrooming. To this end, we have applied the routine activity theory (RAT) to investigate whether exposure to motivated offenders (PC/laptop ownership and Internet access in one's own bedroom), capable guardianship (parental mediation strategies of Internet use), and target suitability (adolescents' online disclosure of private information) might predict cybergrooming victimization among adolescents. Using data from a cross-sectional survey of 5,938 adolescents from Germany, India, South Korea, Spain, Thailand, and the United States, ranging in age from 12 to 18 (M = 14.77, SD = 1.60), we found that PC/laptop ownership and Internet access in one's own bedroom, parental mediation, and online disclosure are all directly associated with cybergrooming victimization. Although instructive parental mediation is negatively related to online disclosure and cybergrooming victimization, restrictive mediation is positively related to both. In addition, online disclosure partially mediated the relationship between parental mediation and cybergrooming victimization. The analyses confirm the effectiveness of applying RAT to cybergrooming. Moreover, this study highlights the need for prevention programs, including lessons on age-appropriate information and communication technology usage and access, to educate parents on using instructive strategies of Internet mediation, and inform adolescents about how to avoid disclosing too much private information online. RAT could function as a theoretical framework for these programs.

Robert Grimm

2024-12-12

Abstract:Alarmist and sensationalist statements about the "explosion" of online child sexual exploitation or CSE dominate much of the public discourse about the topic. Based on a new dataset collecting the transparency disclosures for 16 US-based internet platforms and the national clearinghouse collecting legally mandated reports about CSE, this study seeks answers to two research questions: First, what does the data tell us about the growth of online CSE? Second, how reliable and trustworthy is that data? To answer the two questions, this study proceeds in three parts. First, we leverage a critical literature review to synthesize a granular model for CSE reporting. Second, we analyze the growth in CSE reports over the last 25 years and correlate it with the growth of social media user accounts. Third, we use two comparative audits to assess the quality of transparency data. Critical findings include: First, US law increasingly threatens the very population it claims to protect, i.e., children and adolescents. Second, the rapid growth of CSE report over the last decade is linear and largely driven by an equivalent growth in social media user accounts. Third, the Covid-19 pandemic had no statistically relevant impact on report volume. Fourth, while half of surveyed organizations release meaningful and reasonably accurate transparency data, the other half either fail to make disclosures or release data with severe quality issues.

Computers and Society,Human-Computer Interaction,Social and Information Networks

Jody Farnden,Ben Martini,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.48550/arXiv.1505.02906

2015-05-12

Abstract:Dating apps for mobile devices, one popular GeoSocial app category, are growing increasingly popular. These apps encourage the sharing of more personal information than conventional social media apps, including continuous location data. However, recent high profile incidents have highlighted the privacy risks inherent in using these apps. In this paper, we present a case study utilizing forensic techniques on nine popular proximity-based dating apps in order to determine the types of data that can be recovered from user devices. We recover a number of data types from these apps that raise concerns about user privacy. For example, we determine that chat messages could be recovered in at least half of the apps examined and, in some cases, the details of any users that had been discovered nearby could also be extracted.

Computers and Society

Jenna Jacobson,Anatoliy Gruzd,Angel Hernandez-Garcia

DOI: https://doi.org/10.32920/14636028

2021-05-21

Abstract:The ready access to and availability of social media has opened up a wealth of data that marketers are leveraging for strategic insight and digital marketing. Yet there is a lack of professional norms regarding the use of social media in marketing and a gap in understanding consumers’ comfort with marketers’ use of their social media data. This study analyzes a census-balanced sample of online adults (n=751) to identify consumers’ perceptions of using social media data for marketing purposes. The research finds that consumers’ perceived risks and benefits of using social media have a relationship with their comfort with marketers using their publicly available social media data. The research extends the applicability of communication privacy management theory to social media and introduces marketing comfort—a new construct of high importance for future marketing research. Marketing comfort refers to an individual’s comfort with the use of information posted publicly on social media for targeted advertising, customer relations, and opinion mining. In the context of the construct development, we find that targeted advertising is the strongest contributing component to marketing comfort, relative to the other two dimensions: opinion mining and customer relations. By understanding what drives consumer comfort with this emerging marketing practice, the research proposes strategies for marketers that can support and mitigate consumers’ concerns so that consumers can maintain trust in marketers’ digital practice

Laura Xiaolei Liu,Yufei Liu,Xinghua Ruan,Yu Zhang

DOI: https://doi.org/10.2139/ssrn.3991369

2020-01-01

Abstract:Cyber-telecom fraud is an increasingly severe problem globally. We focus on a special type of cyber-telecom financial fraud, where criminals induce innocent people to borrow online. Since there are no digital footprints available for the fraudsters behind the borrowing cases, identifying them is difficult. Using a proprietary dataset of online consumer financing from a large Fintech company in China, we estimate to what extent interventions based on big data and machine learning techniques can identify this type of fraud and prevent customers’ financial losses. Female borrowers are more likely to be fraud victims. Young and inexperienced users are more likely to be subject to fraud schemes that target a lack of financial literacy. Experienced and inexperienced users are equally likely to be subject to fraud schemes targeting overconfidence. The intervention is effective on frauds targeting either financial literacy or behavioral biases. However, it takes longer to persuade victims of fraud targeting behavioral biases.

Anargyros Chrysanthou,Yorgos Pantis,Constantinos Patsakis

DOI: https://doi.org/10.1016/j.cose.2024.103780

IF: 5.105

2024-02-25

Computers & Security

Abstract:In an era dominated by digital interactions, phishing campaigns have evolved to exploit not just technological vulnerabilities but also human traits. This study takes an unprecedented deep dive into large-scale phishing campaigns aimed at Meta's users, offering a dual perspective on the technical mechanics and human elements involved. Analysing data from over 25,000 victims worldwide, we highlight the nuances of these campaigns, from the intricate techniques deployed by the attackers to the sentiments and behaviours of those targeted. Unlike prior research conducted in controlled environments, this investigation capitalises on the vast, diverse, and genuine data extracted directly from active phishing campaigns, allowing for a more holistic understanding of the drivers, facilitators, and human factors. Through applying advanced computational techniques, including natural language processing and machine learning, this work unveils critical insights into the psyche of victims and the evolving tactics of modern phishers. Our analysis illustrates very poor password selection choices from the victims, with 30.27% of them picking low-complexity passwords and 58.23% reusing leaked passwords. Additionally, more than 10% exhibit strong persistence in re-victimisation by posting again to the phishing platforms of the same phishers. Finally, we reveal many correlations regarding demographics and the time periods when victims are more vulnerable during the day, as well as analyse the sentiment, emotion, and tone of text responses that they submitted, illustrating how convinced they were of the scam.

computer science, information systems

Michele Campobasso,Luca Allodi

DOI: https://doi.org/10.48550/arXiv.2303.03249

2023-03-06

Cryptography and Security

Abstract:In this paper we exploit market features proper of a leading Russian cybercrime market for user impersonation at scale to evaluate attacker preferences when purchasing stolen user profiles, and the overall economic activity of the market. We run our data collection over a period of $161$ days and collect data on a sample of $1'193$ sold user profiles out of $11'357$ advertised products in that period and their characteristics. We estimate a market trade volume of up to approximately $700$ profiles per day, corresponding to estimated daily sales of up to $4'000$ USD and an overall market revenue within the observation period between $540k$ and $715k$ USD. We find profile provision to be rather stable over time and mainly focused on European profiles, whereas actual profile acquisition varies significantly depending on other profile characteristics. Attackers' interests focus disproportionally on profiles of certain types, including those originating in North America and featuring $crypto$ resources. We model and evaluate the relative importance of different profile characteristics in the final decision of an attacker to purchase a profile, and discuss implications for defenses and risk evaluation.

Ho-Chun Herbert Chang,Matt Bui,Charlton McIlwain

DOI: https://doi.org/10.48550/arXiv.2109.15294

2021-10-01

Abstract:This paper uses and recycles data from a third-party digital marketing firm, to explore how targeted ads contribute to larger systems of racial discrimination. Focusing on a case study of targeted ads for educational searches in New York City, it discusses data visualizations and mappings of trends in the advertisements' targeted populations alongside U.S census data corresponding to these target zipcodes. We summarize and reflect on the results to consider how internet platforms systemically and differentially target advertising messages to users based on race; the tangible harms and risks that result from an internet traffic system designed to discriminate; and finally, novel approaches and frameworks for further auditing systems amid opaque, black-boxed processes forestalling transparency and accountability.

Computers and Society,Social and Information Networks

Nikolaos Lykousas,Vasilios Koutsokostas,Fran Casino,Constantinos Patsakis

DOI: https://doi.org/10.48550/arXiv.2105.11805

2021-05-25

Abstract:Cybercrime is continuously growing in numbers and becoming more sophisticated. Currently, there are various monetisation and money laundering methods, creating a huge, underground economy worldwide. A clear indicator of these activities is online marketplaces which allow cybercriminals to trade their stolen assets and services. While traditionally these marketplaces are available through the dark web, several of them have emerged in the surface web. In this work, we perform a longitudinal analysis of a surface web marketplace. The information was collected through targeted web scrapping that allowed us to identify hundreds of merchants' profiles for the most widely used surface web marketplaces. In this regard, we discuss the products traded in these markets, their prices, their availability, and the exchange currency. This analysis is performed in an automated way through a machine learning-based pipeline, allowing us to quickly and accurately extract the needed information. The outcomes of our analysis evince that illegal practices are leveraged in surface marketplaces and that there are not effective mechanisms towards their takedown at the time of writing.

Cryptography and Security