Surveylance: Automatically Detecting Online Survey Scams

Abstract: Online surveys are a popular mechanism for performing market research in exchange for monetary compensation. Unfortunately, fraudulent survey websites are similarly rising in popularity among cyber-criminals as a means for executing social engineering attacks. In addition to the sizable population of users that participate in online surveys as a secondary revenue stream, unsuspecting users who search the web for free content or access codes to commercial software can also be exposed to survey scams. This occur… Show more

“…To classify web pages that trick users into interacting, it is common to use information that can be acquired after visiting the web page, such as image and HTML features [17,27]. However, if a classifier uses such features, it cannot detect an SE page similar to the legitimate page, such as a fake software-update web page that closely resembles a legitimate Flash update page or fake infection-alert page using the logo of security vendors.…”

“…Social engineering (SE) psychologically manipulates people to perform specific actions. Modern web-based attacks leverage SE for malware infections [24,25] and online frauds [17,23,29], which are called web-based SE attacks (or simply SE attacks). Attackers skillfully guide a user's browser interaction through attractive web content or warning messages to make users download malware or leak sensitive information.…”

“…Common systems to automatically collect SE attacks involve accessing web pages collected from search engines [17,27,29]. These systems use a web browser to crawl web pages and identify a particular SE attack by extracting features only from each web page.…”

“…The second idea is to extract features from reached web pages as well as an entire sequence of web pages. Unlike previous approaches that extract features from a single web page they have visited [17,29] or identify malicious URL chains automatically caused without user interactions (i.e., URL redirections) [22,30,32], StraySheep extracts features from the entire sequence of web pages it has actively and recursively followed. That is, StraySheep analyzes image and linguistic characteristics of reached web pages, browser events (e.g., displaying popup windows and alerts) that occurred before reaching the web page, and browser interactions that lead users to SE attacks.…”

“…SE is used to manipulate people into performing a particular action by exploiting their psychology and has been widely used in various types of web-based attacks, such as malware downloads [25,35], malicious browser extension installs [16,33,36], survey scams [17], and technical support scams [23,29]. Malware downloads and malicious browser extension installs are achieved by masquerading as legitimate software.…”

To Get Lost is to Learn the Way: Automatically Collecting Multi-step Social Engineering Attacks on the Web

“…To classify web pages that trick users into interacting, it is common to use information that can be acquired after visiting the web page, such as image and HTML features [17,27]. However, if a classifier uses such features, it cannot detect an SE page similar to the legitimate page, such as a fake software-update web page that closely resembles a legitimate Flash update page or fake infection-alert page using the logo of security vendors.…”

“…Social engineering (SE) psychologically manipulates people to perform specific actions. Modern web-based attacks leverage SE for malware infections [24,25] and online frauds [17,23,29], which are called web-based SE attacks (or simply SE attacks). Attackers skillfully guide a user's browser interaction through attractive web content or warning messages to make users download malware or leak sensitive information.…”

“…Common systems to automatically collect SE attacks involve accessing web pages collected from search engines [17,27,29]. These systems use a web browser to crawl web pages and identify a particular SE attack by extracting features only from each web page.…”

“…The second idea is to extract features from reached web pages as well as an entire sequence of web pages. Unlike previous approaches that extract features from a single web page they have visited [17,29] or identify malicious URL chains automatically caused without user interactions (i.e., URL redirections) [22,30,32], StraySheep extracts features from the entire sequence of web pages it has actively and recursively followed. That is, StraySheep analyzes image and linguistic characteristics of reached web pages, browser events (e.g., displaying popup windows and alerts) that occurred before reaching the web page, and browser interactions that lead users to SE attacks.…”

“…SE is used to manipulate people into performing a particular action by exploiting their psychology and has been widely used in various types of web-based attacks, such as malware downloads [25,35], malicious browser extension installs [16,33,36], survey scams [17], and technical support scams [23,29]. Malware downloads and malicious browser extension installs are achieved by masquerading as legitimate software.…”

To Get Lost is to Learn the Way: Automatically Collecting Multi-step Social Engineering Attacks on the Web

Funny Accents: Exploring Genuine Interest in Internationalized Domain Names

The “Game Hack” Scam