Daan Vansteenhuyse (DistriNet, KU Leuven), Hadji Musaev (DistriNet, KU Leuven), Lieven Desmet (DistriNet, KU Leuven)
Cybercriminals increasingly exploit the web, targeting millions of users and causing substantial financial losses. To combat these online scams, industry and academia have created databases consisting of malicious websites. By analyzing its properties, various detection mechanisms have been proposed to automatically identify fraudulent activity on the web. Although proven useful, these databases are curated, focus on the global perspective and lack insights of benign websites perceived as malicious by users. In this paper, we analyze user-reported scams from an anti-scam initiative, deployed in a European country, using topic modeling to uncover regional trends and user perceptions. Our findings inform the design of localized anti-cybercrime datasets and detection strategies.
Based on an initial manual analysis, we find most reported malicious activity takes place in the form of dating scams while a main portion of the dataset contains benign newsletters indicating the varying accuracy of user reports. Using BERTopic to extend the manual analysis, we show how it can be used to study the evolution of campaigns over time. We combine our insights into advice that can be used by anti-cybercrime organizations to set up similar datasets and describe how tools, such as topic modeling, can further aid both industry partners, to harden their anti-phishing defenses, and research institutions, to better study regional and psychological aspects associated with online fraud.