Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

6-2016

Abstract

Over the past decade, the number of mobile phones has increased dramatically, overtaking the world population in October 2014. In developing countries like India and China, mobile subscribers outnumber traditional landline users and account for over 90% of the active population. At the same time, convergence of telephony with the Internet with technologies like VoIP makes it possible to reach a large number of telephone users at a low or no cost via voice calls or SMS (short message service) messages. As a consequence, cybercriminals are abusing the telephony channel to launch attacks, e.g., scams that offer fraudulent services and voice-based phishing or vishing, that have previously relied on the Internet. In this paper, we introduce and deploy the first mobile phone honeypot called MobiPot that allow us to collect fraudulent calls and SMS messages. We implement multiple ways of advertising mobile numbers (honeycards) on MobiPot to investigate how fraudsters collect phone numbers that are targeted by them. During a period of over seven months, MobiPot collected over two thousand voice calls and SMS messages, and we confirmed that over half of them were unsolicited. We found that seeding honeycards enables us to discover attacks on the mobile phone numbers which were not known before.

Keywords

cybercrime, fraud, scam, mobile, vishing, security

Discipline

Information Security

Research Areas

Cybersecurity

Publication

ASIA CCS '16: Proceedings of the 11th ACM Symposium on Information, Computer and Communications Security: Xi'an, China, May 30 - June 3, 2016

First Page

723

Last Page

734

ISBN

9781450342339

Identifier

10.1145/2897845.2897890

Publisher

ACM

City or Country

New York

Additional URL

http://doi.org/10.1145/2897845.2897890

Download

Share

COinS