Dialing back abuse on phone verified accounts

Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy

    Research output: Chapter in Book/Report/Conference proceedingConference contribution

    Abstract

    In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circum-vent the intended cost of acquiring phone numbers, in effect undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this conuence of factors correlates with a market-wide price drop of 30-40% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward. Copyright is held by the author/owner(s).

    Original languageEnglish (US)
    Title of host publicationProceedings of the ACM Conference on Computer and Communications Security
    PublisherAssociation for Computing Machinery
    Pages465-476
    Number of pages12
    ISBN (Print)9781450329576
    DOIs
    StatePublished - Nov 3 2014
    Event21st ACM Conference on Computer and Communications Security, CCS 2014 - Scottsdale, United States
    Duration: Nov 3 2014Nov 7 2014

    Publication series

    NameProceedings of the ACM Conference on Computer and Communications Security
    ISSN (Print)1543-7221

    Other

    Other21st ACM Conference on Computer and Communications Security, CCS 2014
    Country/TerritoryUnited States
    CityScottsdale
    Period11/3/1411/7/14

    Keywords

    • Account abuse
    • Phone verification
    • Underground economies

    ASJC Scopus subject areas

    • Software
    • Computer Networks and Communications

    Fingerprint

    Dive into the research topics of 'Dialing back abuse on phone verified accounts'. Together they form a unique fingerprint.

    Cite this