LogoMotive

Detecting Logos on Websites to Identify Online Scams - A TLD Case Study

Conference paper (2022)

Authors

Thijs van den Hout SIDN Labs

Thymen Wabeke SIDN Labs

Giovane C. M. Moura , SIDN Labs

Cristian Hesselman SIDN Labs, University of Twente

DOI: https://doi.org/10.1007/978-3-030-98785-5_1

To reference this document use:

http://resolver.tudelft.nl/uuid:903222c7-ff80-4857-b910-15e65de09ab1

More Info

expand_more

Published Date

2022

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Logos give a website a familiar feel and promote trust. Scammers take advantage of that by using well-known organizations’ logos on malicious websites. Unsuspecting Internet users see these logos and think they are looking at a government website or legitimate webshop, when it is a phishing site, a counterfeit webshop, or a site set up to spread misinformation. We present the largest logo detection study on websites to date. We analyze 6.2M domain names from the Netherlands ’ country-code top-level domain.nl, in two case studies to detect logo misuse for two organizations: the Dutch national government and Thuiswinkel Waarborg, an organization that issues certified webshop trust marks. We show how we can detect phishing, spear phishing, dormant phishing attacks, and brand misuse. To that end, we developed LogoMotive, an application that crawls domain names, generates screenshots, and detects logos using supervised machine learning. LogoMotive is operational in the.nl registry, and it is generalizable to detect any other logo in any DNS zone to help identify abuse.

Files

978_3_030_98785_5_1.pdf

(pdf | 2.15 Mb)

- Embargo expired in 01-07-2023