How Vulnerable are We to Scams?

Presented at Black Hat USA 2015, Aug. 5, 2015, 5:30 p.m. (30 minutes)

The number of Internet scams has increased in recent years. According to a survey by the Federal Trade Commission, more than one out of every ten adult Americans fall victim to scams every year, where a third of these scams originated on the Internet. However, it is well understood that surveys of victimization and losses severely underestimate the problem, since victims are unwilling to come forward due to embarrassment or resignation. This paper attempts to gain a better understanding of the problem by directly quantifying the extent to which users are vulnerable to scams.

We design and carry out experiments to estimate the fraction of scam messages that bypass commercial spam lters (i.e., messages that land in the user's inbox); and to assess the probability that a delivered message will be considered harmless by its recipient. The latter experiment provides evidence that recent scams - many of which are targeted are substantially more credible to typical users than "traditional" scam.


Presenters:

  • Ting-Fang Yen - DataVisor, Inc.
    Ting-Fang Yen is a research scientist at DataVisor, Inc., a young startup providing security analytics for consumer facing web and mobile sites. Before DataVisor, she was threat scientist at E8 Security, and principal research scientist at RSA. Ting-Fang received a PhD degree in Electrical and Computer Engineering from Carnegie Mellon University, Pittsburgh, PA.
  • Markus Jakobsson - ZapFraud
    Dr. Markus Jakobsson is a leading voice in advising on advancements in understanding phishing, crimeware and mobile security. He specializes in research around applied security, ranging from mobile malware detection to scam detection and improved user interfaces. Dr. Jakobsson has authored numerous books and more than 100 peer-reviewed conference and journal articles. He holds more than 50 patents and more than 100 pending patents.

Links:

Similar Presentations: