Email Babel: does language affect criminal activity in compromised webmail accounts?
Files
Accepted manuscript
Date
2017
DOI
Authors
Bernard-Jones, Emeric
Onaolapo, Jeremiah
Stringhini, Gianluca
Version
Accepted manuscript
OA Version
Citation
Emeric Bernard-Jones, Jeremiah Onaolapo, Gianluca Stringhini. 2017. "Email Babel: Does Language Affect Criminal Activity in Compromised Webmail Accounts?." CoRR, Volume abs/1704.07759,
Abstract
We set out to understand the effects of differing
language on the ability of cybercriminals to navigate webmail
accounts and locate sensitive information in them. To this end,
we configured thirty Gmail honeypot accounts with English,
Romanian, and Greek language settings. We populated the
accounts with email messages in those languages by subscribing
them to selected online newsletters. We hid email messages about
fake bank accounts in fifteen of the accounts to mimic real-world
webmail users that sometimes store sensitive information in their
accounts. We then leaked credentials to the honey accounts via
paste sites on the Surface Web and the Dark Web, and collected
data for fifteen days. Our statistical analyses on the data show that
cybercriminals are more likely to discover sensitive information
(bank account information) in the Greek accounts than the
remaining accounts, contrary to the expectation that Greek
ought to constitute a barrier to the understanding of non-Greek
visitors to the Greek accounts. We also extracted the important
words among the emails that cybercriminals accessed (as an
approximation of the keywords that they searched for within
the honey accounts), and found that financial terms featured
among the top words. In summary, we show that language plays a
significant role in the ability of cybercriminals to access sensitive
information hidden in compromised webmail accounts.