Understanding Social Engineering Based Scams

About the Editor and Contributors
	Contributors
	Contributor Bios
Contents
An Overview of the Scam Problem
	About Scams and This Book
	About This Book
	References
1 Scams and Targeting
	1.1 Yields and Targeting
	1.2 Understanding Yields and Trends
	References
Part I Identifying Trends
	2 Identifying Scams and Trends
		2.1 Gathering Hundreds of Thousands of Scam Messages
		2.2 Taxonomy of Scam Emails
			2.2.1 Non-Targeted Scams
			2.2.2 Targeted Scams
			2.2.3 Scams that Are Both Non-targeted and Targeted
			2.2.4 Miscellaneous Scams
		2.3 Scam Classification
		2.4 Scam Trends
			2.4.1 Targeted vs. Non-Targeted Scams
			2.4.2 Scams on the Rise
			2.4.3 Scams in Decline
		References
	3 Predicting Trends
		3.1 Vulnerabilities Point to Trends
		3.2 Measuring Credibility
		References
Part II Why Do People Fall for Scams?
	4 Persuasion in Scams
		4.1 Persuasion in Emails
		4.2 Principles of Persuasion
			4.2.1 Principles of Persuasion in Scam Categories
			4.2.2 Scam Terms: Trends and Persuasion
			4.2.3 Comparison Between Scam and Legitimate Term Trends
		References
Part III Filtering Technology
	5 Traditional Countermeasures to Unwanted Email
		5.1 The History of Spam
		5.2 Anti-Spam Landscape
		5.3 Content-Based Spam Filtering
		5.4 Blacklisting Approaches
		5.5 Anti-Spoofing Approaches
			5.5.1 DKIM
			5.5.2 SPF
			5.5.3 DMARC
		References
	6 Obfuscation in Spam and Scam
		6.1 Confusable Characters and Homograph Scam Attacks
		6.2 How to Test the Attack
		6.3 Detecting Obfuscated Scam
		References
	7 Semantic Analysis of Messages
		7.1 Example: Stranded Traveler Scams
		7.2 Detecting Storylines
		7.3 Detecting Brand Abuse
Part IV Understanding the Problem Starts with Measuring It
	8 Case Study: Sales Scams
		8.1 The Automated Honeypot Ad System
			8.1.1 Magnetic Honeypot Ads
			8.1.2 Automated Communication with Scammers
		8.2 Automated Scammer Interaction
		8.3 Where Are the Scammers?
			8.3.1 Collected Emails and Threads
			8.3.2 IP Addresses
			8.3.3 Email Accounts
			8.3.4 Shipping Addresses and Phone Numbers
			8.3.5 Attribution: Performing Scammer Group Classification
		8.4 Discussion
	9 Case Study: Rental Scams
		9.1 Dataset
			9.1.1 Rental Listing Crawling
			9.1.2 Campaign Identification
			9.1.3 Campaign Expansion Phase: Latitudinal
			9.1.4 Campaign Expansion Phase: Longitudinal
			9.1.5 Campaign Summaries
		9.2 Credit Report Rental Scams
			9.2.1 Data Collection
			9.2.2 Dataset Sanity Check
			9.2.3 Two-Scams-in-One
			9.2.4 In-Depth Analysis
		9.3 Clone Scams
			9.3.1 Data Collection
			9.3.2 In-Depth Analysis of Confirmed Scams
		9.4 Realtor Service Scams
			9.4.1 Data Collection
			9.4.2 American Standard Online
			9.4.3 New Line Equity
			9.4.4 Search Rent to Own
		9.5 Flagged Ad Analysis
		References
	10 Case Study: Romance Scams
		10.1 Romance Scams: A Hurtful Crime
		10.2 Collecting Intelligence
		10.3 Romance Scam Taxonomy
			10.3.1 Traditional Romance Scam
			10.3.2 Affiliate Marketing Scam
			10.3.3 Phone Scam
			10.3.4 Simulated Spam Filter Results
		10.4 Filtering Insights
		Reference
	11 Case Study: Business Email Compromise
		11.1 The Typical BEC Scam
		11.2 How Scammers Masquerade as Anybody They Want
		11.3 A Look at Which Senders Are Deceptive
		11.4 Defending Against Business Email Compromise
		References
Part V Conclusion
	12 Conclusion and Next Steps
Index