{"id":"https://openalex.org/W2765227388","doi":"https://doi.org/10.1145/3133956.3134067","title":"Data Breaches, Phishing, or Malware?","display_name":"Data Breaches, Phishing, or Malware?","publication_year":2017,"publication_date":"2017-10-27","ids":{"openalex":"https://openalex.org/W2765227388","doi":"https://doi.org/10.1145/3133956.3134067","mag":"2765227388"},"language":"en","primary_location":{"id":"doi:10.1145/3133956.3134067","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134067","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5024050018","display_name":"Kurt Thomas","orcid":"https://orcid.org/0000-0002-3762-5851"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Kurt Thomas","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050884723","display_name":"Frank Li","orcid":"https://orcid.org/0000-0003-2242-048X"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Frank Li","raw_affiliation_strings":["University of California, Berkeley, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley, Berkeley, CA, USA","institution_ids":["https://openalex.org/I95457486"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004384498","display_name":"Ali Zand","orcid":"https://orcid.org/0000-0002-9095-0493"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ali Zand","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102507481","display_name":"Jacob Barrett","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jacob Barrett","raw_affiliation_strings":["Google, Mountain Vieww, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain Vieww, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5020280626","display_name":"Juri Ranieri","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Juri Ranieri","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064912041","display_name":"Luca Invernizzi","orcid":"https://orcid.org/0000-0001-8420-0760"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Luca Invernizzi","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059950509","display_name":"Yarik Markov","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yarik Markov","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045915424","display_name":"Oxana Comanescu","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Oxana Comanescu","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063234281","display_name":"Vijay Eranti","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vijay Eranti","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5059568038","display_name":"Angelika Moscicki","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Angelika Moscicki","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5090620683","display_name":"Daniel Margolis","orcid":null},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Daniel Margolis","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5002219113","display_name":"Vern Paxson","orcid":"https://orcid.org/0009-0005-2673-543X"},"institutions":[{"id":"https://openalex.org/I95457486","display_name":"University of California, Berkeley","ror":"https://ror.org/01an7q238","country_code":"US","type":"education","lineage":["https://openalex.org/I95457486"]},{"id":"https://openalex.org/I1297971548","display_name":"International Computer Science Institute","ror":"https://ror.org/01ewh7m12","country_code":"US","type":"nonprofit","lineage":["https://openalex.org/I1297971548"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Vern Paxson","raw_affiliation_strings":["University of California, Berkeley &amp; International Computer Science Institute, Berkeley, CA, USA"],"affiliations":[{"raw_affiliation_string":"University of California, Berkeley &amp; International Computer Science Institute, Berkeley, CA, USA","institution_ids":["https://openalex.org/I1297971548","https://openalex.org/I95457486"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058819105","display_name":"Elie Bursztein","orcid":"https://orcid.org/0000-0003-0316-6906"},"institutions":[{"id":"https://openalex.org/I1291425158","display_name":"Google (United States)","ror":"https://ror.org/00njsd438","country_code":"US","type":"company","lineage":["https://openalex.org/I1291425158","https://openalex.org/I4210128969"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elie Bursztein","raw_affiliation_strings":["Google, Mountain View, CA, USA"],"affiliations":[{"raw_affiliation_string":"Google, Mountain View, CA, USA","institution_ids":["https://openalex.org/I1291425158"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":13,"corresponding_author_ids":["https://openalex.org/A5024050018"],"corresponding_institution_ids":["https://openalex.org/I1291425158"],"apc_list":null,"apc_paid":null,"fwci":40.3363,"has_fulltext":false,"cited_by_count":176,"citation_normalized_percentile":{"value":0.99775012,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1421","last_page":"1434"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.9415550827980042},{"id":"https://openalex.org/keywords/credential","display_name":"Credential","score":0.9143292903900146},{"id":"https://openalex.org/keywords/password","display_name":"Password","score":0.9048742651939392},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7698242664337158},{"id":"https://openalex.org/keywords/data-breach","display_name":"Data breach","score":0.7400182485580444},{"id":"https://openalex.org/keywords/identity-theft","display_name":"Identity theft","score":0.6999009847640991},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6906538009643555},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.6735350489616394},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6454628705978394},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.5200164318084717},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.3086172044277191},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.26701268553733826}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.9415550827980042},{"id":"https://openalex.org/C2777810591","wikidata":"https://www.wikidata.org/wiki/Q16861606","display_name":"Credential","level":2,"score":0.9143292903900146},{"id":"https://openalex.org/C109297577","wikidata":"https://www.wikidata.org/wiki/Q161157","display_name":"Password","level":2,"score":0.9048742651939392},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7698242664337158},{"id":"https://openalex.org/C165609540","wikidata":"https://www.wikidata.org/wiki/Q1172486","display_name":"Data breach","level":2,"score":0.7400182485580444},{"id":"https://openalex.org/C522325796","wikidata":"https://www.wikidata.org/wiki/Q471880","display_name":"Identity theft","level":2,"score":0.6999009847640991},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6906538009643555},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.6735350489616394},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6454628705978394},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.5200164318084717},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3086172044277191},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.26701268553733826}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3133956.3134067","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3133956.3134067","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6899999976158142,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G1128201210","display_name":null,"funder_award_id":"CNS-1237265","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W1463518955","https://openalex.org/W1487941708","https://openalex.org/W1593325297","https://openalex.org/W1606590080","https://openalex.org/W1634470931","https://openalex.org/W1965586806","https://openalex.org/W1999101254","https://openalex.org/W2024711043","https://openalex.org/W2030112111","https://openalex.org/W2048755632","https://openalex.org/W2054626033","https://openalex.org/W2059621117","https://openalex.org/W2073342447","https://openalex.org/W2100307718","https://openalex.org/W2132903355","https://openalex.org/W2133824719","https://openalex.org/W2135359429","https://openalex.org/W2155743899","https://openalex.org/W2184387311","https://openalex.org/W2338036545","https://openalex.org/W2396652156","https://openalex.org/W2412002624","https://openalex.org/W2413416220","https://openalex.org/W2424402128","https://openalex.org/W2463456957","https://openalex.org/W2522120027","https://openalex.org/W2531223178","https://openalex.org/W2550183133"],"related_works":["https://openalex.org/W2528031162","https://openalex.org/W1885384230","https://openalex.org/W2595760708","https://openalex.org/W182956790","https://openalex.org/W2186893595","https://openalex.org/W4306970088","https://openalex.org/W1981963489","https://openalex.org/W4235239127","https://openalex.org/W2322673779","https://openalex.org/W3038348450"],"abstract_inverted_index":{"In":[0],"this":[1,65],"paper,":[2],"we":[3,34,67,108,122,153],"present":[4],"the":[5,11,19,28,72,145,156,160,167,195],"first":[6],"longitudinal":[7],"measurement":[8],"study":[9],"of":[10,25,30,39,46,78,93,111,147,159,178],"underground":[12],"ecosystem":[13],"fueling":[14],"credential":[15,164],"theft":[16,165],"and":[17,49,53,59,139,166,188],"assess":[18],"risk":[20,131,146,151],"it":[21],"poses":[22],"to":[23,69,83,98,128,143],"millions":[24],"users.":[26],"Over":[27],"course":[29],"March,":[31],"2016--March,":[32],"2017,":[33],"identify":[35],"788,000":[36],"potential":[37,44],"victims":[38,45],"off-the-shelf":[40],"keyloggers;":[41],"12.4":[42],"million":[43],"phishing":[47,185],"kits;":[48],"1.9":[50],"billion":[51],"usernames":[52],"passwords":[54,113],"exposed":[55,112],"via":[56],"data":[57],"breaches":[58],"traded":[60],"on":[61,181],"blackmarket":[62],"forums.":[63],"Using":[64],"dataset,":[66],"explore":[68],"what":[70],"degree":[71],"stolen":[73],"passwords---which":[74],"originate":[75],"from":[76],"thousands":[77],"online":[79,95],"services---enable":[80],"an":[81],"attacker":[82],"obtain":[84],"a":[85,105,115,135,175],"victim's":[86,116],"valid":[87],"email":[88],"credentials---and":[89],"thus":[90],"complete":[91],"control":[92],"their":[94],"identity":[96],"due":[97],"transitive":[99],"trust.":[100],"Drawing":[101],"upon":[102],"Google":[103,117],"as":[104,134],"case":[106],"study,":[107],"find":[109],"7--25%":[110],"match":[114],"account.":[118],"For":[119],"these":[120,150],"accounts,":[121],"show":[123],"how":[124],"hardening":[125],"authentication":[126],"mechanisms":[127],"include":[129],"additional":[130],"signals":[132],"such":[133],"user's":[136],"historical":[137],"geolocations":[138],"device":[140],"profiles":[141],"helps":[142],"mitigate":[144],"hijacking.":[148],"Beyond":[149],"metrics,":[152],"delve":[154],"into":[155],"global":[157],"reach":[158],"miscreants":[161],"involved":[162],"in":[163],"blackhat":[168],"tools":[169],"they":[170],"rely":[171],"on.":[172],"We":[173],"observe":[174],"remarkable":[176],"lack":[177],"external":[179],"pressure":[180],"bad":[182],"actors,":[183],"with":[184],"kit":[186],"playbooks":[187],"keylogger":[189],"capabilities":[190],"remaining":[191],"largely":[192],"unchanged":[193],"since":[194],"mid-2000s.":[196]},"counts_by_year":[{"year":2025,"cited_by_count":28},{"year":2024,"cited_by_count":20},{"year":2023,"cited_by_count":16},{"year":2022,"cited_by_count":16},{"year":2021,"cited_by_count":16},{"year":2020,"cited_by_count":29},{"year":2019,"cited_by_count":30},{"year":2018,"cited_by_count":21}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}