theme image
Handcrafted fraud and extortion: manual account hijacking in the wildHandcrafted fraud and extortion: manual account hijacking in the wild
  1. publications
  2. anti-abuse

Handcrafted fraud and extortion: manual account hijacking in the wild

Available Media

Publication (Pdf)

Slides (pdf)

ConferenceInternet Measurement Conference (IMC) - 2014
AuthorsElie Bursztein , Borbala Benko , Daniel Margolis ,
Citation

Bibtex Citation

@inproceedings{ BURSZTEIN2014HANDCRAFTED,title = {Handcrafted fraud and extortion: manual account hijacking in the wild},author = {"Elie, Bursztein" and "Borbala, Benko" and "Daniel, Margolis" and "Tadek, Pietraszek" and "Andy, Archer" and "Allan, Aquino" and "Andreas, Pitsillidis" and "Stefan, Savage"},booktitle = {Internet Measurement Conference},year = {2014},organization = {AMC}}

Online accounts are inherently valuable resources both for the data they contain and the reputation they accrue over time. Unsurprisingly, this value drives criminals to steal, or hijack, such accounts. In this paper we focus on manual account hijacking account hijacking performed manually by humans instead of botnets. We describe the details of the hijacking workflow: the attack vectors, the exploitation phase, and post-hijacking remediation. Finally we share which defense strategies we found effective at Google to curb manual hijacking.

Google Slides

Related

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.