Understanding Social Engineering Based Scams (eBook)
XVI, 130 pages
Springer New York (publisher)
978-1-4939-6457-4 (ISBN)
This book describes trends in email scams and offers tools and techniques
to identify such trends. It also describes automated countermeasures
based on an understanding of the type of persuasive methods used by
scammers. It reviews both consumer-facing scams and enterprise scams,
describing in-depth case studies relating to Craigslist scams and Business
Email Compromise Scams. This book provides a good starting point for
practitioners, decision makers and researchers in that it includes
alternatives and complementary tools to the currently deployed email
security tools, with a focus on understanding the metrics of scams.
Both professionals working in security and advanced-level students
interested in privacy or applications of computer science will find this book a useful reference.
Dr. Markus Jakobsson is a leading voice in advising on advancements in understanding phishing, crimeware, social engineering and mobile security. He specializes in research around applied security, ranging from mobile malware detection to improved user interfaces, and with special attention to understanding and blocking fraud. Dr. Jakobsson has authored or co-authored more than a hundred peer-reviewed publications and numerous books related to Internet Security and Online Fraud. Dr. Jakobsson is the inventor of more than 50 patents and more than 100 pending patents, and consults as an expert witness in high-profile patent litigation cases. In 2013, Qualcomm acquired FatSkunk, an anti-malware startup founded by Dr. Jakobsson in 2009. He is the founder and CTO of ZapFraud Inc, a company dedicated to rubbing out Business Email Compromise.
About the Editor and Contributors
Contributors
Contributor Bios
Contents
An Overview of the Scam Problem
About Scams and This Book
About This Book
References
1 Scams and Targeting
1.1 Yields and Targeting
1.2 Understanding Yields and Trends
References
Part I Identifying Trends
2 Identifying Scams and Trends
2.1 Gathering Hundreds of Thousands of Scam Messages
2.2 Taxonomy of Scam Emails
2.2.1 Non-Targeted Scams
2.2.2 Targeted Scams
2.2.3 Scams that Are Both Non-targeted and Targeted
2.2.4 Miscellaneous Scams
2.3 Scam Classification
2.4 Scam Trends
2.4.1 Targeted vs. Non-Targeted Scams
2.4.2 Scams on the Rise
2.4.3 Scams in Decline
References
3 Predicting Trends
3.1 Vulnerabilities Point to Trends
3.2 Measuring Credibility
References
Part II Why Do People Fall for Scams?
4 Persuasion in Scams
4.1 Persuasion in Emails
4.2 Principles of Persuasion
4.2.1 Principles of Persuasion in Scam Categories
4.2.2 Scam Terms: Trends and Persuasion
4.2.3 Comparison Between Scam and Legitimate Term Trends
References
Part III Filtering Technology
5 Traditional Countermeasures to Unwanted Email
5.1 The History of Spam
5.2 Anti-Spam Landscape
5.3 Content-Based Spam Filtering
5.4 Blacklisting Approaches
5.5 Anti-Spoofing Approaches
5.5.1 DKIM
5.5.2 SPF
5.5.3 DMARC
References
6 Obfuscation in Spam and Scam
6.1 Confusable Characters and Homograph Scam Attacks
6.2 How to Test the Attack
6.3 Detecting Obfuscated Scam
References
7 Semantic Analysis of Messages
7.1 Example: Stranded Traveler Scams
7.2 Detecting Storylines
7.3 Detecting Brand Abuse
Part IV Understanding the Problem Starts with Measuring It
8 Case Study: Sales Scams
8.1 The Automated Honeypot Ad System
8.1.1 Magnetic Honeypot Ads
8.1.2 Automated Communication with Scammers
8.2 Automated Scammer Interaction
8.3 Where Are the Scammers?
8.3.1 Collected Emails and Threads
8.3.2 IP Addresses
8.3.3 Email Accounts
8.3.4 Shipping Addresses and Phone Numbers
8.3.5 Attribution: Performing Scammer Group Classification
8.4 Discussion
9 Case Study: Rental Scams
9.1 Dataset
9.1.1 Rental Listing Crawling
9.1.2 Campaign Identification
9.1.3 Campaign Expansion Phase: Latitudinal
9.1.4 Campaign Expansion Phase: Longitudinal
9.1.5 Campaign Summaries
9.2 Credit Report Rental Scams
9.2.1 Data Collection
9.2.2 Dataset Sanity Check
9.2.3 Two-Scams-in-One
9.2.4 In-Depth Analysis
9.3 Clone Scams
9.3.1 Data Collection
9.3.2 In-Depth Analysis of Confirmed Scams
9.4 Realtor Service Scams
9.4.1 Data Collection
9.4.2 American Standard Online
9.4.3 New Line Equity
9.4.4 Search Rent to Own
9.5 Flagged Ad Analysis
References
10 Case Study: Romance Scams
10.1 Romance Scams: A Hurtful Crime
10.2 Collecting Intelligence
10.3 Romance Scam Taxonomy
10.3.1 Traditional Romance Scam
10.3.2 Affiliate Marketing Scam
10.3.3 Phone Scam
10.3.4 Simulated Spam Filter Results
10.4 Filtering Insights
Reference
11 Case Study: Business Email Compromise
11.1 The Typical BEC Scam
11.2 How Scammers Masquerade as Anybody They Want
11.3 A Look at Which Senders Are Deceptive
11.4 Defending Against Business Email Compromise
References
Part V Conclusion
12 Conclusion and Next Steps
Index
Publication date (per publisher) | 13.9.2016 |
---|---|
Additional info | XVI, 130 p. 51 illus., 18 illus. in color. |
Place of publication | New York |
Language | English |
Subject area | Mathematics / Computer Science ► Computer Science ► Databases |
Computer Science ► Networks ► Security / Firewall | |
Computer Science ► Theory / Studies ► Cryptology | |
Keywords | 419 Scam • applied security • Business Email Compromise • CEO scam • Email • Enterprise security • filtering • Fraud • metric • Nigerian scam • scam • Targeted scam • Trends |
ISBN-10 | 1-4939-6457-7 / 1493964577 |
ISBN-13 | 978-1-4939-6457-4 / 9781493964574 |
Size: 3.6 MB
DRM: Digital watermark
This eBook contains a digital watermark and is thereby personalized for you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. However, it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Read online
In addition to downloading it, you can also read this eBook online in your web browser.
Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfill eBook orders from other countries.