Confronting One-Click Fraud in Japan

Faculty member leads exciting research

One-click fraud research

The international research community applauds the work of an INI team and their extensive research on one-click fraud in Japan. The team is led by Nicolas Christin, associate director of the INI, faculty member of the INI and ECE, and systems scientist at CyLab, and includes Sally Yanagihara, an alumna from the INI's Kobe Master of Science in Information Technology - Information Security program (MS20), and Keisuke Kamataki (Machine Learning Department).

One-click fraud is an increasing problem in Japan, despite targeted efforts by policy makers and law enforcement, according to Dr. Christin. In this scam, a person browsing the Internet is suddenly informed they have just agreed to pay a registration fee after simply clicking on a link. They do not owe any money legally, but they pay the scammer out of feelings of shame for clicking on the link--typically for pornographic material--and to avoid further embarrassment if others were to mistakenly assume they subscribed to such material.

The research team analyzed over 2,000 incidents of one-click fraud to uncover a fascinating profile on this type of scammer. The findings showed that the majority of the crimes traced back to a just a few culprits and also revealed the loopholes they exploited. Furthermore, the team found that these criminals had taken advantage of a highly lucrative scam that involved little risk. The culprits generally were not involved in other types of cyber crime, such as spamming. The research findings are published in "Dissecting One Click Frauds" in the Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS 2010), pages 15-26.

"The most interesting result to us was that, by simply correlating across different frauds a few attributes, such as the phone numbers or bank accounts used by the fraudsters, we could actually clearly see some patterns emerge and trace back more than half of the frauds we investigated to less than ten groups. This clearly outlined the need for cooperation between different branches of law enforcement," said Dr. Christin. "The reason why the police apparently did not notice some of these patterns is that the agents in charge of investigating phone fraud, bank fraud, and online fraud all do an excellent job, but usually belong to different departments, and do not necessarily have much incentive to share data with their colleagues."

Nicolas Christin presented at ACM Conference on Computer and Communications Security in Chicago during October 2010. The ACM Conference is a top gathering of information security researchers, practitioners, developers and users. The speakers present on all theoretical and practical aspects of computer security. Dr. Christin presented the research a week later at the Information Promotion Agency in Tokyo.