New research signals trouble for Skype fraudsters

Life could become more difficult for fraudsters on Skype thanks to research by Microsoft boffins that promises to cut down on fake accounts across the platform.

The research combined information from diverse sources including a user's profile, activities and social connections into a supervised machine learning environment that could automate the presently manual tasks of fraud detection.

The results show the framework boosted fraud detection rates for particular account types by 68 per cent with a 5 per cent false positive rate.

"The kinds of fraud relevant to Skype include, in particular, credit card fraud and other online payment fraud, as well as account abuse such as spam instant messages," read the research report.

"Our aim is to catch those fraudsters that elude the first line of defences at Skype.

"The reduction in volume [of fraud] is apparent."

Financial institutions spend on average more than half of their fraud management budgets on human resources devoted to manually reviewing possibly fraudulent accounts, the report noted.

Moises Goldszmidt, Yinglian Xie, Fang Yu, Martín Abadi of Microsoft Research and Anna Leontjeva of the University of Tartu, Estonia, conducted the research across 34,000 users that included a mix of legitimate and fraudulent accounts chosen from an initial randomised pool of 200,000 users that had not been blocked for more than four months since creating an account.

"We selected the period of four months as a compromise: longer periods may result in more information, but our data pertains to a limited time window, and in addition we expect that relatively few fraudulent users escape detection for many months," read the report.

The research analysed the account habits of the captured Skype users, limited to which communication methods they used and how often. The content of calls was not recorded and Skype usernames were anonymised using a one-way salted hash.

The team wrote that fraudulent accounts were easier to detect when inactive after four months but became hard to find if they remained active for more than 10 months after account creation. The framework still reduced the more slippery fraudulent accounts by a factor of 2.3, the paper noted.

Most of the fraudulent accounts operating on Skype were hacked legitimate users, the team posited.

The preliminary research has yet to be wound into Skype, but promises to reduce the cost of fraud to both users and Microsoft.

Further research should be conducted into developing more elaborate methods of combining classifiers in a bid to outfox fraudsters by more thoroughly understanding their behaviour, the paper read.

"It should also be interesting to perform experiments with longer time series, attempting in particular to detect points in time at which users change behaviour. Those changes in behaviour sometimes result from account hijacking, a difficult, important problem that machine learning may help address."

Rise of the machines

Machine learning is a wing of artificial intelligence that focuses on building systems that can improve in function by analysing data. It is broadly measured by its efficiency in discovering known information, in contrast to data mining, which aims to discover new information.

The theory underpins technology across fields as diverse as information security, stock market analysis and medicine. In 2009, US online film website Netflix handed out a million dollars to a research team who developed methods that improved user preference predictions by 10 per cent.

The Skype research tested several classifiers including Random Forest, SVM, and logistic regression and selected the first of these, Random Forest, for its superior accuracy rates.

Accounts of fraud committed over Skype were easy to find online, ranging from spam voicemails and instant messages to blackmail and phishing.

In November, the Australian Government’s Stay Smart Online service (operated by ENEX TestLab which provides content for CSO Australia) warned of fraudsters operating on Skype who would con victims into opening their webcams in order to record footage for ensuing blackmail.

"In one version, the scam originates from a dating website or social network site like Facebook. The scammer may pretend to be an attractive, potential partner and strike up an online relationship with you. It may take some time and seem extremely believable. Eventually, they may ask you to join a Skype (video) call with them.

"During the video call the scammer may attempt to lead you into participating in intimate, sexual activity or nudity, which can later be used to blackmail you. Scammers may use carefully prepared webcam images or footage of themselves which may initially seem flattering, but can increasingly become coercive and explicit. They steadily increase pressure on you to participate, which they record and later threaten to distribute online," read a post on staysmartonline.gov.au.
