Dialing back abuse on phone verified accountsDialing back abuse on phone verified accounts
  1. publications
  2. anti-abuse

Dialing back abuse on phone verified accounts

Available Media

Publication (Pdf)

Slides (pdf)

ConferenceConference on Computer and Communications Security
AuthorsKurt Thomas , Dmytro Latskiv , Elie Bursztein ,
Citation

Bibtex Citation

@inproceedings{ THOMAS2014DIALING,title = {Dialing back abuse on phone verified accounts},author = {"Kurt, Thomas" and "Dmytro, Latskiv" and "Elie, Bursztein" and "Tadek, Pietraszek" and "Chris, Grier" and "Damon, McCoy"},booktitle = {Conference on Computer and Communications Security},year = {2014},organization = {AMC}}

In the past decade the increase of for-profit cybercrime has given rise to an entire underground ecosystem supporting large-scale abuse, a facet of which encompasses the bulk registration of fraudulent accounts. In this paper, we present a 10 month longitudinal study of the underlying technical and financial capabilities of criminals who register phone verified accounts (PVA). To carry out our study, we purchase 4,695 Google PVA as well as pull a random sample of 300,000 Google PVA that Google disabled for abuse. We find that miscreants rampantly abuse free VOIP services to circumvent the intended cost of acquiring phone numbers, in eject undermining phone verification. Combined with short lived phone numbers from India and Indonesia that we suspect are tied to human verification farms, this confluence of factors correlates with a market-wide price drop of 3040% for Google PVA until Google penalized verifications from frequently abused carriers. We distill our findings into a set of recommendations for any services performing phone verification as well as highlight open challenges related to PVA abuse moving forward.

Google Slides

Recent

newsletter signup slide

Get cutting edge research directly in your inbox.

newsletter signup slide

Get cutting edge research directly in your inbox.