TY - GEN
T1 - Dialing back abuse on phone verified accounts
AU - Thomas, Kurt
AU - Iatskiv, Dmytro
AU - Bursztein, Elie
AU - Pietraszek, Tadek
AU - Grier, Chris
AU - McCoy, Damon
PY - 2014/11/3
Y1 - 2014/11/3
N2 - In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circumvent the intended cost of acquiring phone numbers, in effect undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this confluence of factors correlates with a market-wide price drop of 30-40% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward. Copyright is held by the author/owner(s).
AB - In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circumvent the intended cost of acquiring phone numbers, in effect undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this confluence of factors correlates with a market-wide price drop of 30-40% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward. Copyright is held by the author/owner(s).
KW - Account abuse
KW - Phone verification
KW - Underground economies
UR - http://www.scopus.com/inward/record.url?scp=84910651457&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84910651457&partnerID=8YFLogxK
U2 - 10.1145/2660267.2660321
DO - 10.1145/2660267.2660321
M3 - Conference contribution
AN - SCOPUS:84910651457
SN - 9781450329576
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 465
EP - 476
BT - Proceedings of the ACM Conference on Computer and Communications Security
PB - Association for Computing Machinery
T2 - 21st ACM Conference on Computer and Communications Security, CCS 2014
Y2 - 3 November 2014 through 7 November 2014
ER -