research-article

Public Access

Exposing Search and Advertisement Abuse Tactics and Infrastructure of Technical Support Scammers

Authors:

Bharat Srinivasan,

Athanasios Kountouras,

Mustaque AhamadAuthors Info & Claims

WWW '18: Proceedings of the 2018 World Wide Web Conference

Pages 319 - 328

https://doi.org/10.1145/3178876.3186098

Published: 23 April 2018 Publication History

All formats PDF

Abstract

Technical Support Scams (TSS), which combine online abuse with social engineering over the phone channel, have persisted despite several law enforcement actions. Although recent research has provided important insights into TSS, these scams have now evolved to exploit ubiquitously used online services such as search and sponsored advertisements served in response to search queries. We use a data-driven approach to understand search-and-ad abuse by TSS to gain visibility into the online infrastructure that facilitates it. By carefully formulating tech support queries with multiple search engines, we collect data about both the support infrastructure and the websites to which TSS victims are directed when they search online for tech support resources. We augment this with a DNS-based amplification technique to further enhance visibility into this abuse infrastructure. By analyzing the collected data, we provide new insights into search-and-ad abuse by TSS and reinforce some of the findings of earlier research. Further, we demonstrate that tech support scammers are (1) successful in getting major as well as custom search engines to return links to websites controlled by them, and (2) they are able to get ad networks to serve malicious advertisements that lead to scam pages. Our study period of approximately eight months uncovered over 9,000 TSS domains, of both passive and aggressive types, with minimal overlap between sets that are reached via organic search results and sponsored ads. Also, we found over 2,400 support domains which aid the TSS domains in manipulating organic search results. Moreover, to our surprise, we found very little overlap with domains that are reached via abuse of domain parking and URL-shortening services which was investigated previously. Thus, investigation of search-and-ad abuse provides new insights into TSS tactics and helps detect previously unknown abuse infrastructure that facilitates these scams.

References

[1]

Online. 800notes - Directory of UNKNOWN Callers. http://800notes.com/. (Online).

Abstract

References

Cited By

Index Terms

Recommendations

Scammers Paradise: The Explosive Insider Account of Nigerias Internet Scam Industry

SEO Strategies & Tactics: Understanding Ranking Strategies for Search Engine Optimization (The SEO University) - Volume 2

Earning Money from Internet Through Advertisement Websites

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

HTML Format

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations