Annual Computer Security Applications Conference (ACSAC) 2023

Scamdog Millionaire: Detecting E-commerce Scams in the Wild

The Better Business Bureau ranked online e-commerce scams as the top consumer threat for 2022. Our measurements of real consumer devices confirm that e-commerce scams receive large traffic vol- umes, a total of 6.3M visits during seven months. In this work, we study e-commerce scams in depth and design a detection classifier that combines novel features that target salient characteristics of e-commerce scam websites and features for detecting malicious and scam domains proposed by prior work. In addition, we spec- ify a method for automatically creating reliable ground-truth sets that are an order of magnitude larger than that of prior work. We use this data set to evaluate the classifier and achieve a high 0.973 F1-score (Prec: 0.988, Rec: 0.959). In a best-effort comparison, we demonstrate that our classifier outperforms the F-1 score of the prior art by 11% and that our novel features offer an F1-score boost of 4.3% over the features used in the prior art. In addition, we deploy our classifier in a real-world setting, analyze over 760K e-shops visited by real users, and identify 10% of those as e-commerce scams. We demonstrate that the classifier has a low False Positive rate in real-world settings and can protect over 176K users in one week.

Platon Kotzias
Norton Research Group

Kevin Roundy
Norton Research Group

Michalis Pachilakis
Norton Research Group

Iskander Sanchez-Rola
Norton Research Group

Leyla Bilge
Norton Research Group

Paper (ACM DL)

Slides