Trafficking fraudulent accounts: The role of the underground market in twitter spam and abuse

Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, Vern Paxson

    Research output: Chapter in Book/Report/Conference proceedingConference contribution


    As web services such as Twitter, Facebook, Google, and Yahoo now dominate the daily activities of Internet users, cyber criminals have adapted their monetization strategies to engage users within these walled gardens. To facilitate access to these sites, an underground market has emerged where fraudulent accounts - automatically generated credentials used to perpetrate scams, phishing, and malware - are sold in bulk by the thousands. In order to understand this shadowy economy, we investigate the market for fraudulent Twitter accounts to monitor prices, availability, and fraud perpetrated by 27 merchants over the course of a 10-month period. We use our insights to develop a classifier to retroactively detect several million fraudulent accounts sold via this marketplace, 95% of which we disable with Twitter's help. During active months, the 27 merchants we monitor appeared responsible for registering 10-20% of all accounts later flagged for spam by Twitter, generating $127-459K for their efforts.

    Original languageEnglish (US)
    Title of host publicationProceedings of the 22nd USENIX Security Symposium
    PublisherUSENIX Association
    Number of pages16
    ISBN (Electronic)9781931971034
    StatePublished - Jan 1 2013
    Event22nd USENIX Security Symposium - Washington, United States
    Duration: Aug 14 2013Aug 16 2013

    Publication series

    NameProceedings of the 22nd USENIX Security Symposium


    Conference22nd USENIX Security Symposium
    Country/TerritoryUnited States

    ASJC Scopus subject areas

    • Computer Networks and Communications
    • Information Systems
    • Safety, Risk, Reliability and Quality


    Dive into the research topics of 'Trafficking fraudulent accounts: The role of the underground market in twitter spam and abuse'. Together they form a unique fingerprint.

    Cite this