dc.description.abstract |
With the advent of online social media, phishers have started using social networks like Twitter,
Facebook, and Foursquare to spread phishing scams. Twitter is an immensely popular micro-
blogging network where people post short messages of 140 characters called tweets. It has over
100 million active users who post about 200 million tweets everyday. Phishers have started using
Twitter as a medium to spread phishing because of this vast information dissemination. Due
to constraints of limited text space in social systems like Twitter, phishers have begun to use
URL shortener services. In this study, we rst provide an overview of phishing attacks for this
new scenario. One of our main conclusions was that phishers use URL shorteners not only for
reducing space but also to hide their identity. We also observed that social media websites like
Facebook, Habbo, Orkut are competing with e-commerce services like PayPal, eBay in terms of
tra c and focus of phishers. 1 Further, it is di cult to detect phishing on Twitter unlike emails
because of the quick spread of phishing links in the network, short size of the content, and use
of URL obfuscation to shorten the URL. We developed a technique, PhishAri, 2 which detects
phishing on Twitter in realtime. We use Twitter speci c features along with URL features to
detect whether a tweet posted with a URL is phishing or not. Some of the Twitter speci c
features we used are tweet content and its characteristics like length, hashtags, and mentions.
Other Twitter features used are the characteristics of the Twitter user posting the tweet such
as age of the account, number of tweets, and the follower-followee ratio. These TTwitterwitter
speci c features coupled with URL based features proved to be a strong mechanism to detect
phishing tweets. We used machine learning classi cation techniques and detected phishing tweets
with an accuracy of 92.52%. We deployed our system for end-users by providing an easy to use
Chrome browser extension. The extension works in realtime and classi es a tweet as phishing or
safe. In this research, we showed that we were able to detect phishing tweets at zero hour with
high accuracy which is much faster than public blacklists and as well as Twitter's own defense
mechanism to detect malicious content. We also performed a quick user evaluation of PhishAri
in a laboratory study to evaluate the usability and e ectiveness of PhishAri and showed that
users like and nd it convenient to use PhishAri in real-world. Currently, there are 74 active
users of PhishAri chrome extension. To the best of our knowledge, this is the rst realtime,
comprehensive and usable system to detect phishing on Twitter. |
en_US |