References
[1]
S. Afroz, V. Garg, D. McCoy, and R. Greenstadt. Honor among thieves:
A common’s analysis of cybercrime economies. In eCrime Researchers
Summit (eCRS), 2013.
[2]
S. Afroz, A. C. Islam, A. Stolerman, R. Greenstadt, and D. McCoy.
Doppelgänger finder: Taking stylometry to the underground. In
Proceedings of the IEEE Symposium on Security and Privacy, 2014.
[3]
B. Atkins and W. Huang. A study of social engineering in online frauds.
Open Journal of Social Sciences, 1(03):23, 2013.
[4]
R. Bhalerao, M. Aliapoulios, I. Shumailov, S. Afroz, D. McCoy,
K. Levchenko, and V. Paxson. Mapping the underground: Towards
automatic discovery of cybercrime supply chains. arXiv preprint
arXiv:1812.00381, 2018.
[5] H. D. S. Bhd. Identify geographical location by ip address.
[6]
S. Bird, E. Klein, and E. Loper. Natural language processing with
Python: analyzing text with the natural language toolkit. " O’Reilly
Media, Inc.", 2009.
[7]
M. W. Brown, J. H. McIntyre, M. A. Paolini, J. M. Weaver, and S. L.
Winters. Providing account usage fraud protection, Dec. 12 2006. US
Patent 7,149,296.
[8]
J.-W. H. Bullée, L. Montoya, W. Pieters, M. Junger, and P. Hartel. On
the anatomy of social engineering attacks: A literature-based dissection
of successful attacks. Journal of investigative psychology and offender
profiling, 15(1):20–45, 2018.
[9] N. Christin. Traveling the silk road: A measurement analysis of a large
anonymous online marketplace. In Proceedings of the International
World Wide Web Conference (WWW), 2013.
[10]
G. Durrett, J. K. Kummerfeld, T. Berg-Kirkpatrick, R. S. Portnoff,
S. Afroz, D. McCoy, K. Levchenko, and V. Paxson. Identifying products
in online cybercrime marketplaces: A dataset for fine-grained domain
adaptation. arXiv preprint arXiv:1708.09609, 2017.
[11] FBI. Internet fraud.
[12]
A. Ferreira, L. Coventry, and G. Lenzini. Principles of persuasion
in social engineering and their use in phishing. In International
Conference on Human Aspects of Information Security, Privacy, and
Trust, pages 36–47. Springer, 2015.
[13]
J. R. Finkel, T. Grenager, and C. Manning. Incorporating non-local
information into information extraction systems by gibbs sampling. In
Proceedings of Association for Computational Linguistics (ACL), 2005.
[14]
I. V. Hagen. 22-year-old allegedly scammed amazon out of $370k with
return shipments filled with dirt, Aug. 2019.
[15]
S. Hao, K. Borgolte, N. Nikiforakis, G. Stringhini, M. Egele, M. Eubanks,
B. Krebs, and G. Vigna. Drops for stuff: An analysis of reshipping
mule scams. In Proceedings of the ACM Conference on Computer and
Communications Security (CCS), 2015.
[16]
M. Harbach, S. Fahl, and M. Smith. Who’s afraid of which bad wolf?
a survey of it security risk awareness. In Proceedings of the IEEE
Computer Security Foundations Symposium (CSF), 2014.
[17]
A. Hutchings and T. J. Holt. A crime script analysis of the online stolen
data market. British Journal of Criminology, 2015.
[18]
D. Irani, M. Balduzzi, D. Balzarotti, E. Kirda, and C. Pu. Reverse
social engineering attacks in online social networks. In International
Conference on Detection of Intrusions and Malware, and Vulnerability
Assessment, pages 55–74. Springer, 2011.
[19]
P. A. Jankowski and C.-L. Yen. Return fraud protection system, Jan. 27
2015. US Patent 8,942,990.
[20]
M. Junger, L. Montoya, and F.-J. Overink. Priming and warnings are
not effective to prevent social engineering attacks. Computers in human
behavior, 66:75–87, 2017.
[21]
M. Karami and D. McCoy. Understanding the emerging threat of
ddos-as-a-service. In Presented as part of the 6th USENIX Workshop
on Large-Scale Exploits and Emergent Threats, 2013.
[22]
M. Karami, Y. Park, and D. McCoy. Stress testing the booters: Under-
standing and undermining the business of ddos services. In Proceedings
of the International World Wide Web Conference (WWW), 2016.
[23]
B. J. Kwon, J. Mondal, J. Jang, L. Bilge, and T. Dumitra¸s. The dropper
effect: Insights into malware distribution with downloader graph
analytics. In Proceedings of the ACM Conference on Computer and
Communications Security (CCS), 2015.
[24]
W. Melicher, B. Ur, S. M. Segreti, S. Komanduri, L. Bauer, N. Christin,
and L. F. Cranor. Fast, lean, and accurate: Modeling password
guessability using neural networks. In Proceedings of the USENIX
Security Symposium (USENIX), 2016.
[25]
X. Mi, X. Feng, X. Liao, B. Liu, X. Wang, F. Qian, Z. Li, S. Alrwais,
L. Sun, and Y. Liu. Resident evil: Understanding residential ip proxy
as a dark service. In Proceedings of the IEEE Symposium on Security
and Privacy, 2019.
[26]
A. Modi, Z. Sun, A. Panwar, T. Khairnar, Z. Zhao, A. Doupé, G.-J.
Ahn, and P. Black. Towards automated threat intelligence fusion. In
Proceedings of the IEEE International Conference on Collaboration
and Internet Computing (CIC), 2016.
[27]
S. Mori, H. Nishida, and H. Yamada. Optical character recognition.
John Wiley & Sons, Inc., 1999.
[28]
M. Motoyama, D. McCoy, K. Levchenko, S. Savage, and G. M. Voelker.
An analysis of underground forums. In Proceedings of the ACM
SIGCOMM Conference on Internet Measurement (IMC), 2011.
[29]
T. Nelms, R. Perdisci, M. Antonakakis, and M. Ahamad. Towards
measuring and mitigating social engineering software download attacks.
In USENIX Security Symposium, pages 773–789, 2016.
[30]
A. Oest. Leveraging scalable data analysis to proactively bolster the
anti-phishing ecosystem. Arizona State University, 2020.
[31]
A. Oest, Y. Safaei, A. Doupé, G.-J. Ahn, B. Wardman, and K. Tyers.
Phishfarm: A scalable framework for measuring the effectiveness of
evasion techniques against browser phishing blacklists. In Proceedings
of the IEEE Symposium on Security and Privacy, 2019.
[32]
A. Oest, P. Zhang, B. Wardman, E. Nunes, J. Burgis, A. Zand, K. Thomas,
A. Doupé, and G.-J. Ahn. Sunrise to sunset: Analyzing the end-to-end
life cycle and effectiveness of phishing attacks at scale. In Proceedings
of the USENIX Security Symposium (USENIX), 2020.
[33]
C. Osborne. Nulled.io hacking forum data breach exposes attackers
in the shadows, May 2016.
[34]
A. C. Plane, E. M. Redmiles, M. L. Mazurek, and M. C. Tschantz. Ex-
ploring user perceptions of discrimination in online targeted advertising.
In Proceedings of the USENIX Security Symposium (USENIX), 2017.
[35]
I. Poese, S. Uhlig, M. A. Kaafar, B. Donnet, and B. Gueye. Ip
geolocation databases: Unreliable? ACM SIGCOMM Computer
Communication Review, 2011.
[36]
A. K. Sood and R. J. Enbody. Crimeware-as-a-service: a survey of
commoditized crimeware in the underground market. International
Journal of Critical Infrastructure Protection, 2013.
[37]
D. Speights and M. Hilinski. Return fraud and abuse: How to protect
profits. Retailing Issues Letter, 17(1):1–6, 2005.
[38]
G. Stringhini, G. Wang, M. Egele, C. Kruegel, G. Vigna, H. Zheng, and
B. Y. Zhao. Follow the green: growth and dynamics in twitter follower
markets. In Proceedings of the ACM SIGCOMM Conference on Internet
Measurement (IMC), 2013.
[39]
A. Sun, E.-P. Lim, and Y. Liu. On strategies for imbalanced text classifi-
cation using svm: A comparative study. Decision Support Systems, 2009.
[40]
Z. Sun, C. E. Rubio-Medrano, Z. Zhao, T. Bao, A. Doupé, and G.-J.
Ahn. Understanding and Detecting Private Interactions in Underground
Forums. In Proceedings of the ACM Conference on Data and
Application Security and Privacy (CODASPY), 2019.
[41]
S. Sundaresan, D. McCoy, S. Afroz, and V. Paxson. Profiling under-
ground merchants based on network behavior. In Proceedings of the
IEEE Symposium on Electronic Crime Research (eCrime), 2016.
[42]
K. Thomas, F. Li, A. Zand, J. Barrett, J. Ranieri, L. Invernizzi, Y. Markov,
O. Comanescu, V. Eranti, A. Moscicki, et al. Data breaches, phishing, or
malware? understanding the risks of stolen credentials. In Proceedings
of the ACM Conference on Computer and Communications Security
(CCS), 2017.
[43]
K. Thomas, F. Li, A. Zand, J. Barrett, J. Ranieri, L. Invernizzi, Y. Markov,
O. Comanescu, V. Eranti, A. Moscicki, et al. Data breaches, phishing, or
malware?: Understanding the risks of stolen credentials. In Proceedings
of the ACM Conference on Computer and Communications Security
(CCS), pages 1421–1434. ACM, 2017.