{"id":"https://openalex.org/W4396695013","doi":"https://doi.org/10.1145/3664201","title":"Know their Customers: An Empirical Study of Online Account Enumeration Attacks","display_name":"Know their Customers: An Empirical Study of Online Account Enumeration Attacks","publication_year":2024,"publication_date":"2024-05-07","ids":{"openalex":"https://openalex.org/W4396695013","doi":"https://doi.org/10.1145/3664201"},"language":"en","primary_location":{"id":"doi:10.1145/3664201","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664201","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3664201","source":{"id":"https://openalex.org/S131231701","display_name":"ACM Transactions on the Web","issn_l":"1559-1131","issn":["1559-1131","1559-114X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on the Web","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3664201","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5096741529","display_name":"Ma\u00ebl Maceiras","orcid":"https://orcid.org/0009-0006-9106-9303"},"institutions":[{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Ma\u00ebl Maceiras","raw_affiliation_strings":["Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0009-0006-9106-9303","affiliations":[{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015534379","display_name":"Kavous Salehzadeh Niksirat","orcid":"https://orcid.org/0000-0003-4438-3544"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]},{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Kavous Salehzadeh Niksirat","raw_affiliation_strings":["Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland","Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0003-4438-3544","affiliations":[{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]},{"raw_affiliation_string":"School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland","institution_ids":["https://openalex.org/I5124864"]},{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland School of Computer and Communication Sciences, EPFL, Lausanne, Switzerland","institution_ids":["https://openalex.org/I5124864","https://openalex.org/I97565354"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5056628341","display_name":"Ga\u00ebl Bernard","orcid":"https://orcid.org/0000-0001-7299-1286"},"institutions":[{"id":"https://openalex.org/I5124864","display_name":"\u00c9cole Polytechnique F\u00e9d\u00e9rale de Lausanne","ror":"https://ror.org/02s376052","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I5124864"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Ga\u00ebl Bernard","raw_affiliation_strings":["Vice Presidency for Academic Affairs, EPFL, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0001-7299-1286","affiliations":[{"raw_affiliation_string":"Vice Presidency for Academic Affairs, EPFL, Lausanne, Switzerland","institution_ids":["https://openalex.org/I5124864"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003921716","display_name":"Beno\u00eet Garbinato","orcid":"https://orcid.org/0000-0002-3952-9273"},"institutions":[{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Benoit Garbinato","raw_affiliation_strings":["Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0002-3952-9273","affiliations":[{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033262697","display_name":"Mauro Cherubini","orcid":"https://orcid.org/0000-0002-1860-6110"},"institutions":[{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Mauro Cherubini","raw_affiliation_strings":["Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0002-1860-6110","affiliations":[{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053332520","display_name":"Mathias Humbert","orcid":"https://orcid.org/0000-0001-5046-1727"},"institutions":[{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Mathias Humbert","raw_affiliation_strings":["Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0001-5046-1727","affiliations":[{"raw_affiliation_string":"Department of Information Systems (DESI), University of Lausanne, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5017780534","display_name":"K\u00e9vin Huguenin","orcid":"https://orcid.org/0000-0001-7147-1828"},"institutions":[{"id":"https://openalex.org/I97565354","display_name":"University of Lausanne","ror":"https://ror.org/019whta54","country_code":"CH","type":"education","lineage":["https://openalex.org/I97565354"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"K\u00e9vin Huguenin","raw_affiliation_strings":["Department of Information Systems, UNIL, Lausanne, Switzerland"],"raw_orcid":"https://orcid.org/0000-0001-7147-1828","affiliations":[{"raw_affiliation_string":"Department of Information Systems, UNIL, Lausanne, Switzerland","institution_ids":["https://openalex.org/I97565354"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5096741529"],"corresponding_institution_ids":["https://openalex.org/I97565354"],"apc_list":null,"apc_paid":null,"fwci":3.0674,"has_fulltext":true,"cited_by_count":3,"citation_normalized_percentile":{"value":0.91370288,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":"18","issue":"3","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.8593862652778625},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7288380265235901},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.666398823261261},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.6390924453735352},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6173001527786255},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.591801106929779},{"id":"https://openalex.org/keywords/service-provider","display_name":"Service provider","score":0.55096834897995},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5457826852798462},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.49146902561187744},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.4697314500808716},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.15025031566619873}],"concepts":[{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.8593862652778625},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7288380265235901},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.666398823261261},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.6390924453735352},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6173001527786255},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.591801106929779},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.55096834897995},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5457826852798462},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.49146902561187744},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.4697314500808716},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.15025031566619873},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1145/3664201","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664201","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3664201","source":{"id":"https://openalex.org/S131231701","display_name":"ACM Transactions on the Web","issn_l":"1559-1131","issn":["1559-1131","1559-114X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on the Web","raw_type":"journal-article"},{"id":"pmh:oai:HAL:hal-04562671v1","is_oa":true,"landing_page_url":"https://hal.science/hal-04562671","pdf_url":"https://hal.science/hal-04562671v1/document","source":{"id":"https://openalex.org/S4306402512","display_name":"HAL (Le Centre pour la Communication Scientifique Directe)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1294671590","host_organization_name":"Centre National de la Recherche Scientifique","host_organization_lineage":["https://openalex.org/I1294671590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on the Web, 2024, 18 (3), pp.37:1-37:36. &#x27E8;10.1145/3664201&#x27E9;","raw_type":"Journal articles"},{"id":"pmh:oai:serval.unil.ch:BIB_912816455634","is_oa":true,"landing_page_url":"https://serval.unil.ch/notice/serval:BIB_912816455634","pdf_url":"https://serval.unil.ch/resource/serval:BIB_912816455634.P001/REF.pdf","source":{"id":"https://openalex.org/S4306401797","display_name":"SERVAL (Universit\u00e9 de Lausanne)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210093590","host_organization_name":"Swiss School of Archaeology in Greece","host_organization_lineage":["https://openalex.org/I4210093590"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"ACM Transactions on the Web, vol. 18, no. 3, pp. 37:1-37:36","raw_type":"info:eu-repo/semantics/acceptedVersion"},{"id":"pmh:oai:iris.unil.ch:iris/195443","is_oa":true,"landing_page_url":"https://iris.unil.ch/handle/iris/195443","pdf_url":null,"source":{"id":"https://openalex.org/S7407055444","display_name":"IRIS","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"journal article"}],"best_oa_location":{"id":"doi:10.1145/3664201","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3664201","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3664201","source":{"id":"https://openalex.org/S131231701","display_name":"ACM Transactions on the Web","issn_l":"1559-1131","issn":["1559-1131","1559-114X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on the Web","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/10","display_name":"Reduced inequalities","score":0.6700000166893005}],"awards":[{"id":"https://openalex.org/G3248460374","display_name":null,"funder_award_id":"22018","funder_id":"https://openalex.org/F4320321942","funder_display_name":"Hasler Stiftung"}],"funders":[{"id":"https://openalex.org/F4320321942","display_name":"Hasler Stiftung","ror":"https://ror.org/04m3t9183"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4396695013.pdf"},"referenced_works_count":36,"referenced_works":["https://openalex.org/W1515945955","https://openalex.org/W1980767298","https://openalex.org/W2024029628","https://openalex.org/W2086147103","https://openalex.org/W2089775132","https://openalex.org/W2108384401","https://openalex.org/W2122750868","https://openalex.org/W2163241745","https://openalex.org/W2292723020","https://openalex.org/W2403516514","https://openalex.org/W2610906739","https://openalex.org/W2611043134","https://openalex.org/W2736747074","https://openalex.org/W2773297737","https://openalex.org/W2794995912","https://openalex.org/W2892161609","https://openalex.org/W2909986196","https://openalex.org/W2929264149","https://openalex.org/W2985186227","https://openalex.org/W2991497622","https://openalex.org/W3030249566","https://openalex.org/W3030858198","https://openalex.org/W3086789190","https://openalex.org/W3099188965","https://openalex.org/W3111393260","https://openalex.org/W3162570939","https://openalex.org/W4200614889","https://openalex.org/W4288057702","https://openalex.org/W4295699112","https://openalex.org/W4366549109","https://openalex.org/W4366550444","https://openalex.org/W4366590135","https://openalex.org/W4385517833","https://openalex.org/W4386240834","https://openalex.org/W4396832380","https://openalex.org/W4396833206"],"related_works":["https://openalex.org/W2149202530","https://openalex.org/W2807822918","https://openalex.org/W2921723332","https://openalex.org/W4391093354","https://openalex.org/W2482950156","https://openalex.org/W4396966040","https://openalex.org/W2305322260","https://openalex.org/W3139248031","https://openalex.org/W3042334625","https://openalex.org/W4200017362"],"abstract_inverted_index":{"Internet":[0],"users":[1,137],"possess":[2],"accounts":[3,85],"on":[4,26,64,75,154,164,174],"dozens":[5],"of":[6,16,98,112,129,136,194],"online":[7],"services":[8,28,66,131,153],"where":[9],"they":[10,156],"are":[11],"often":[12,21],"identified":[13,56],"by":[14,57],"one":[15],"their":[17,33,58,139,145,179,197],"e-mail":[18,59],"addresses.":[19],"They":[20],"use":[22],"the":[23,96,126,134,165,192],"same":[24],"address":[25],"multiple":[27],"and":[29,93,105,119,133,173],"for":[30,170,177],"communicating":[31],"with":[32,185],"contacts.":[34],"In":[35],"this":[36],"paper,":[37],"we":[38],"investigate":[39],"attacks":[40,74,108],"that":[41,151],"enable":[42],"an":[43,54,62,68,158],"adversary":[44],"(e.g.,":[45],"company,":[46],"friend)":[47],"to":[48,89,148,191],"determine":[49],"(stealthily":[50],"or":[51],"not)":[52],"whether":[53],"individual,":[55],"address,":[60],"has":[61],"account":[63,69,76,140,180],"certain":[65],"(i.e.,":[67],"enumeration":[70],"attack":[71],").":[72],"Such":[73],"privacy":[77],"have":[78,157],"serious":[79],"implications":[80],"as":[81,142,144],"information":[82],"about":[83,138],"one\u2019s":[84],"can":[86],"be":[87],"used":[88],"(1)":[90],"profile":[91],"them":[92],"(2)":[94],"improve":[95],"effectiveness":[97],"phishing.":[99],"We":[100,124,160],"take":[101],"a":[102,110],"multifaceted":[103],"approach":[104],"study":[106],"these":[107],"through":[109],"combination":[111],"experiments":[113],"(63":[114],"services),":[115],"surveys":[116],"(318":[117],"respondents),":[118],"focus":[120],"groups":[121],"(13":[122],"participants).":[123],"demonstrate":[125],"high":[127],"vulnerability":[128],"popular":[130],"(93.7%)":[132],"concerns":[135],"privacy,":[141],"well":[143],"increased":[146],"susceptibility":[147],"phishing":[149],"e-mails":[150],"impersonate":[152],"which":[155],"account.":[159],"also":[161],"provide":[162],"findings":[163],"challenges":[166],"in":[167,196],"implementing":[168],"countermeasures":[169],"service":[171],"providers":[172],"users\u2019":[175],"ideas":[176],"enhancing":[178],"privacy.":[181],"Finally,":[182],"our":[183],"interaction":[184],"national":[186],"data":[187],"protection":[188],"authorities":[189],"led":[190],"inclusion":[193],"recommendations":[195],"developers\u2019":[198],"guide.":[199]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}