How Many Phish Can Tweet? Investigating the Effectiveness of Twitter's Phishing and Malware Defence System. / Bell, Simon.

2021. 311 p.

Research output: Thesis, Doctoral Thesis

Unpublished

BibTeX

@phdthesis{b7f5562edd724169ac672e9a28beb3be,
title = "How Many Phish Can Tweet? Investigating the Effectiveness of Twitter's Phishing and Malware Defence System",
abstract = "Phishing and malware attacks continue to plague the digital world; wreaking havoc on individuals, businesses, and governments worldwide. Attacks often target popular platforms, such as Twitter: a microblogging social networking service with over 330 million active monthly users, posting more than 500 million daily tweets. This thesis explores how well-protected Twitter users are from phishing and malware attacks. We take an empirical, data-driven approach to investigate the effectiveness of Twitter's cybercrime defence system at time-of-tweet and time-of-click. We create Phishalytics: our measurement infrastructure that collects and analyses large-scale data sets. Our data feeds include Twitter's Stream API, Bitly's Clicks API, and 3 popular blacklists: Google Safe Browsing, PhishTank, and OpenPhish. We improve internet measurement studies by addressing soundness and limitations of existing work. Our studies include characterising URL blacklists, investigating blacklist delays, and examining Twitter's URL shortener (t.co). We aim to better enable policymakers, technology designers, and researchers to strengthen online user security. We provide empirical evidence highlighting the state, and scale, of cybercrime on Twitter. Key findings show over 10,000 phishing and malware URLs -- publicly tweeted to more than 131 million Twitter accounts -- received over 1.6 million clicks from Twitter users. Twitter's time-of-click defence system blocks only 12% of blacklisted URLs and web browsers miss up to 62% of non-blacklisted phishing websites. We recommend Twitter users ensure their risk appetite aligns with their cybercrime defence strategy. Furthermore, blacklists do not offer absolute protection and cybercriminals can exploit uptake delays. Our findings suggest more can be done to strengthen Twitter's phishing and malware defence system and improve user security. However, measuring and evaluating effectiveness is complex and non-trivial. We discuss the importance of soundness, the significance of measurement study reproducibility, and the challenges of measuring an ever-changing landscape.",
keywords = "Phishing, Malware, Measurement Study, Twitter, Cybercrime, PhD Thesis, Doctoral Thesis",
author = "Simon Bell",
year = "2021",
language = "English",
school = "Royal Holloway, University of London",

}

RIS

TY - THES

T1 - How Many Phish Can Tweet? Investigating the Effectiveness of Twitter's Phishing and Malware Defence System

AU - Bell, Simon

PY - 2021

Y1 - 2021

AB - Phishing and malware attacks continue to plague the digital world; wreaking havoc on individuals, businesses, and governments worldwide. Attacks often target popular platforms, such as Twitter: a microblogging social networking service with over 330 million active monthly users, posting more than 500 million daily tweets. This thesis explores how well-protected Twitter users are from phishing and malware attacks. We take an empirical, data-driven approach to investigate the effectiveness of Twitter's cybercrime defence system at time-of-tweet and time-of-click. We create Phishalytics: our measurement infrastructure that collects and analyses large-scale data sets. Our data feeds include Twitter's Stream API, Bitly's Clicks API, and 3 popular blacklists: Google Safe Browsing, PhishTank, and OpenPhish. We improve internet measurement studies by addressing soundness and limitations of existing work. Our studies include characterising URL blacklists, investigating blacklist delays, and examining Twitter's URL shortener (t.co). We aim to better enable policymakers, technology designers, and researchers to strengthen online user security. We provide empirical evidence highlighting the state, and scale, of cybercrime on Twitter. Key findings show over 10,000 phishing and malware URLs -- publicly tweeted to more than 131 million Twitter accounts -- received over 1.6 million clicks from Twitter users. Twitter's time-of-click defence system blocks only 12% of blacklisted URLs and web browsers miss up to 62% of non-blacklisted phishing websites. We recommend Twitter users ensure their risk appetite aligns with their cybercrime defence strategy. Furthermore, blacklists do not offer absolute protection and cybercriminals can exploit uptake delays. Our findings suggest more can be done to strengthen Twitter's phishing and malware defence system and improve user security. However, measuring and evaluating effectiveness is complex and non-trivial. We discuss the importance of soundness, the significance of measurement study reproducibility, and the challenges of measuring an ever-changing landscape.

KW - Phishing

KW - Malware

KW - Measurement Study

KW - Twitter

KW - Cybercrime

KW - PhD Thesis

KW - Doctoral Thesis

UR - https://phishalytics.com

M3 - Doctoral Thesis

ER -