University of Texas at Arlington Takes APWG eCrime Symposium Top Paper Award With Study of Twitter's Growing Utility as a Potent Phishing Report Channel

Researchers from Temple and Princeton Win 'Best Student Paper' Awards With Social-Engineering Capture the Flag Exercise and a Study of the Security and Privacy Risks of Phone Number Recycling

(L to R) Sayak Saha Roy, Professor Dr. Shirin Nilizadeh and Unique Karanjit of UT Arlington

The 2021 APWG Symposium on Electronic Crime Research (APWG eCrime) gave a research team from the University of Texas at Arlington its Best Paper award for an examination of Twitter as a reporting mechanism employed by cybercrime responders to notify stakeholders of phishing attacks.

"Evaluating the Effectiveness of Phishing Reports on Twitter," by doctoral candidate Sayak Saha Roy, student Unique Karanjit and Shirin Nilizadeh, Ph.D., Assistant Professor at UT Arlington's Department of Computer Science and Engineering, won the award on December 3 for their groundbreaking study of an emerging trend: tweeting about phishing attacks — instead of using the reporting methods used for the past two decades (e.g. email, web and open-source archives). 

The team's winning paper concluded, "[O]ur findings indicate that phishing reports on Twitter tend to share more information about the phishing URLs, cover an extra threat category (drive-by download) of attacks, and tend to have low volume of false positives. . . When the targeted entities (targets) interact (comment) with the posts, it leads to quick deactivation of the reported URL, as well as getting detected by more anti-phishing engines."

The Best Student Paper award was given to two papers submitted to APWG eCrime 2021: 

Temple University student Rachel Bleiman received the award for "Collegiate Social Engineering Capture the Flag Competition," published with supervisor Aunshul Rege, Ph.D., Associate Professor with the Department of Criminal Justice at Temple University. The researchers organized and hosted a Collegiate SECTF grounded in the social sciences, emphasizing behavioral and socio-psychological aspects of cybercrime, which offered a timely and unique platform for students to learn about social engineering topics, such as OSINT, phishing, and vishing, in a hands-on, engaging, and ethical manner.

Princeton University student Kevin Lee also received the Best Student Paper award for authoring "Security and Privacy Risks of Number Recycling at Mobile Carriers in the United States" with supervisor Dr. Arvind Narayanan, Associate Professor of Computer Science at Princeton. Of the 259 recycled numbers in their sample, the investigators found, 171 of them were tied to existing accounts at popular websites, potentially allowing those accounts to be hijacked. A majority of available numbers led to hits on people search services, providing personally identifiable information on previous owners. Some 100 of the numbers were linked to leaked login credentials on the web, which could enable account hijackings that defeat SMS-based multi-factor authentication. 

Dr. Guy-Vincent Jourdan, Program Chair of eCrime 2021, said, "It is a reflection of the diversity of the contributions at this year's eCrime conference: one of the papers comes from the social science domain, describing an exciting experiment teaching awareness of the perils of social engineering through an entertaining 'capture the flag' competition; while the other paper is squarely in the technical field, looking at what's wrong with the way mobile carriers reassign phone numbers in the United States."

APWG eCrime 2021's full agenda is still posted at https://apwg.org/event/ecrime2021/.

APWG eCrime's yield of cutting-edge papers was curated by a new management team for the 2021 edition of the symposium.

For APWG eCrime 2021, the University of Cambridge's Alice Hutchings, a University Lecturer in the Security Group at the Computer Laboratory, a Fellow of King's College and Deputy-Director of the Cambridge Cybercrime Centre, served as the General Chair of the symposium.

University of Ottawa's Guy-Vincent Jourdan, a full professor and program coordinator for cybersecurity at the School of Electrical Engineering and Computer Science, and an inaugurating research fellow of the APWG Crypto Currency Working Group, assisted in the development of the symposium this year as Program Chair.

Laurin Weissinger, lecturer at The Fletcher School of Tufts University, and Cybersecurity Fellow of the Cyber Initiative at Yale Law School, served as this year's Publications Chair for the symposium.

The Symposium on Electronic Crime Research (APWG eCrime) was founded in 2006 as the eCrime Researchers Summit, conceived by APWG Secretary General Peter Cassidy as a comprehensive, multi-disciplinary venue to present basic and applied research into electronic crime and engaging every aspect of its evolution - as well as spotlighting technologies and techniques for cybercrime detection, response, forensics and prevention.

Since then, what had been initially a technology-focused conference has incrementally expanded its focus to cover behavioral, social, economic, and legal / policy dimensions as well as technical aspects of cybercrime, following the interests of our correspondent investigators, the symposium's managers as well as the APWG's own directors and steering committee members.

Scores upon scores of papers exploring these dimensions of cybercrime at APWG eCrime have been published by the IEEE <APWG | eCrime Research Papers> as well as by Taylor & Francis and the Association of Computing Machinery (in the very earliest years of the symposium).

With its multi-disciplinary approach, APWG eCrime every year brings together the most heterogeneous community of counter-eCrime researchers and industrial stakeholders to confer over the latest research, and to foster collaborations between the leading investigators in this still nascent field of cybercrime studies.

The power of that community, over the years, has been expressed in their contributions to research in academia and industry, cited in the papers above, their innovations for industry - and the globally scaled research projects they've organizing today with APWG: https://ecrimeresearch.org/applied_research/

Media Contact: info@apwg.org or Tel: +1 617 669 1123

About the APWG

Founded in 2003, the Anti-Phishing Working Group, (APWG) is the global industry, law enforcement, and government coalition focused on unifying the global response to electronic crime. Membership is open to qualified financial institutions, online retailers, ISPs and Telcos, the law enforcement community, solutions providers, multilateral treaty organizations, research centers, trade associations and government agencies. There are more than 1,800 companies, government agencies and NGOs participating in the APWG worldwide. The APWG's www.apwg.org and education.apwg.org websites offer the public, industry and government agencies practical information about phishing and electronically mediated fraud as well as pointers to pragmatic technical solutions that provide immediate protection. The APWG is co-founder and co-manager of the STOP. THINK. CONNECT. Messaging Convention, the global online safety public awareness collaborative and founder/curator of the Symposium on Electronic Crime Research, the world's only peer-reviewed conference dedicated specifically to electronic crime studies. APWG advises hemispheric and global trade groups and multilateral treaty organizations such as the European Commission, the G8 High Technology Crime Subgroup, Council of Europe's Convention on Cybercrime, United Nations Office of Drugs and Crime, Organization for Security and Cooperation in Europe, Europol EC3 and the Organization of American States. APWG is a member of the steering group of the Commonwealth Cybercrime Initiative at the Commonwealth of Nations. Among APWG's corporate sponsors are: Abnormal, Accenture, Acronis, Afilias, AGARI, AhnLab, AT&T, Allure Security, AREA 1, AIT, appgate, Avast, Awayr AI, AXUR, BW CIRT, Bambenek Consulting, Banelco CSIRT, Bolster, BrandShield, Browlser, ByteDance, Canva, CaixaBank, Check Point, Cisco, CLARO, Cloudflare, CLOUDMARK, COFENSE, Coinbase, Comcast, CSC, CSIRT BANELCO, CSIS, Cyan Digital Security, CYREN, Cyxtera, CZ.NIC, DigiCert, DNS Belgium, DomianTools, EBRAND, Entrust Datacard, ESET, Facebook, FirstRand, Fortinet, FraudWatch, GetResponse, GMS Securidad, GoDaddy Registry, Group-IB, Guidewire. Hitachi Systems, .ID, ICANN, Infoblox, Ingressum, IQ Global, iThreat, Kaspersky, KnowBe4, Lenos Software, LINE, Looking Glass, LSEC, Mailshell, McAfee, Microsoft, Mimecast, NAVER, Netcraft, NetSTAR, Noblis, Nominet, Opera, OpSec Security, Palo Alto Networks, PANDI, PayPal, PhishLabs, Proofpoint, Qintel, Rakuten, Recorded Future, Red Sift, REDIRIS, ReversingLabs, RiskIQ, RSA, S2W Lab, SafeGuard Cyber, Salesforce, Secutec, SIDN, SlashNext, Sopos, SWITCH, Symantec, Thomsen Trampedach, ThreatSTOP, TNO, TrendMicro, Trustwave, Twilio, Unbiased Security, Vade, Verisign, Viettel Cyber Security, Webroot, workday, ZeroFOX, ZibaSec, ZIX, and zvelo.

Source: APWG

Share:


Categories: IT Security

Tags: APWG, cybercrime, ecrime, phishing, Princeton University, ransomware, Temple University, University of Texas


Additional Images