Phi.sh/$oCiaL: The Phishing Landscape
through Short URLsSidharth Chhabra*, Anupama Aggarwal†, Fabricio Benevenuto‡, Ponnurangam Kumaraguru†
*Delhi College of Engineering, †IIIT-Delhi, †Federal University of Ouro Preto
2
Motivation
3
4
5
Phishing via Short URLs
6
•Most popular - June 2010 - January 2011 *
•Most abused URL shortener
•23.48% of short URL services
http://techblog.avira.com/en/
7
Research Aim
8
•Analysis of Phishing Tweets containing Bitly
• How is Bitly used by Phishers?
• Who is Targeted ?
• Which Locations are Affected ?
9
System Architecture
10
Referral Analysis
URL
Time
Is a Phish
Is Up
Phishing
URLs
Short
URLsLong URL
Short URL
Created by
Lookup API
Brand Analysis
Temporal Analysis
Geographical Analysis
Behavioral
Analysis
Text Analysis
Network Analysis
Data Collection Filtering
Analysis
11
Vote if Phishing
Yes No Unknown
Online
Yes 11,081 392 1,234
No1,02,17
55,991 68,731
Unknown 4,863 523 795
1 January - 31 December, 2010
Dataset
12
Dataset
• 990 public Twitter users who posted phish tweets
• 864 user accounts present at the time of analysis
• 2000 past tweets for each of 516 users
13
Results
14
Space gain is fraction of space saved by using bit.lyFor 50% URLs, Space Gain < 37%
15
Social Network Websites targeted
16
516Twitterusers
213 inorganic
303 organic
153 compromised
150 legitimate
Phish activity is majorly automated
17
Sparse Network, High Reciprocity
18
Country was determined by using the Bit.ly statistics
Brazil is most targeted followed by US and Canada
19
Limitations
20
•Reliance on PhishTank
•90% URLs offline when voted
•Small number of active voters
21
Conclusion
22
•URLs shorteners used to hide identity
•Change in landscape of phishing - OSNs target
•Phishing activity is automated
•Lack of phishing communities
•Brazil had highest phish URL clickthrough
23
Future Work
24
•Analyze the use of URL shorteners like goo.gl, tinyurl etc.
•Develop an algorithm to detect phishing on Twitter