TY - GEN
T1 - Having your cake and eating it
T2 - 30th USENIX Security Symposium, USENIX Security 2021
AU - Sun, Zhibo
AU - Oest, Adam
AU - Zhang, Penghui
AU - Rubio-Medrano, Carlos
AU - Bao, Tiffany
AU - Wang, Ruoyu
AU - Zhao, Ziming
AU - Shoshitaishvili, Yan
AU - Doupé, Adam
AU - Ahn, Gail Joon
N1 - Funding Information:
Acknowledgments: We thank our shepherd, Paul Pearce, and the anonymous reviewers for their helpful suggestions. We also thank the two industry organizations for their valuable insights and collaboration. This work was supported by Institute for Information & Communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2017-0-00168, Automatic Deep Malware Analysis Technology for Cyber Threat Intelligence), and by the NSF grant NSF-2000792.
Publisher Copyright:
© 2021 by The USENIX Association. All rights reserved.
PY - 2021
Y1 - 2021
AB - Concession Abuse as a Service (CAaaS) is a growing scam service in underground forums that defrauds online retailers through the systematic abuse of their return policies (via social engineering) and the exploitation of loopholes in company protocols. Timely detection of such scams is difficult as they are fueled by an extensive suite of criminal services, such as credential theft, document forgery, and fake shipments. Ultimately, the scam enables malicious actors to steal arbitrary goods from merchants with minimal investment. In this paper, we perform in-depth manual and automated analysis of public and private messages from four large underground forums to identify the malicious actors involved in CAaaS, carefully study the operation of the scam, and define attributes to fingerprint the scam and inform mitigation strategies. Additionally, we surveyed users to evaluate their attitudes toward these mitigations and understand the factors that merchants should consider before implementing these strategies. We find that the scam is easy to scale (and can bypass traditional anti-fraud efforts) and thus poses a notable threat to online retailers.
UR - http://www.scopus.com/inward/record.url?scp=85104014091&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85104014091&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85104014091
T3 - Proceedings of the 30th USENIX Security Symposium
SP - 4169
EP - 4186
BT - Proceedings of the 30th USENIX Security Symposium
PB - USENIX Association
Y2 - 11 August 2021 through 13 August 2021
ER -