Abstract:
The main aim of a scam campaign is to get the maximum monetary benefit with maximum
reach and least infrastructure. This makes Online Social Networks (OSNs) such as Facebook
and Twitter prime targets for such campaigns. These campaigns propagate via two main end-
points - URLs and Phone Numbers.In traditional phone number scams, the attackers call the victims and trick them into giving away personally identifiable information (PII). However, we have recently seen a shift to a new kind of scam practice. Attackers have started abusing OSNs to propagate phone numbers under false scenarios to make the victim call the number instead. They capitalize the power of social media as the content gets published real time on all networks at the same time around the globe.This new type of scam practice has not been studied before. Now, since victims initiate the call,the campaign also requires greater infrastructure such as call centers to attend to the demand.These scams are harder to block as phone numbers change quite frequently and its subscriber information can be kept hidden easily.This is the first large scale characterization study that provides insights into cross platform OSN abuse. Working on a dataset of 5 OSNs - Facebook, Google+, YouTube, Flickr and Twitter, we use a series of clustering methods to identify various scam campaigns oating in OSNs. We further analyze two big campaigns, namely - Tech Support and Herbal spam campaigns. We study their behaviour, attack strategy, spread pattern and the economical impact made by such scam