Graph the characteristics of users who conduct cheating on the Internet


ByChristophe Verdier

There are various kinds of misconduct occurred online, such as spam mails and DoS attacks, which is annoying for the user. Sift Science analyzing and investigating such online fraudulent behavior makes it easy to understand the characteristics of users who engage in fraud and publishes it.

Seven Habits of Highly Fraudulent Users - Sift Science Blog
http://blog.siftscience.com/seven-habits-of-highly-fraudulent-users/

The following is a graph of the number of cases of unauthorized activity on the Internet occurring on a single day. The number of misbehavior increased from around 4:00 am and reached the peak of 1 day at 10 am. The number of fraudulent cases will not drop almost from 12 o'clock to 13 o'clock, which should be lunch break, and will begin to gradually decline from around 14 o'clock.


In the graph below, the vertical axis shows the percentage of fraudulent activity among the user's overall trends on the Internet, and the horizontal axis shows the time of one day. The rate of fraud is especially high from 2 am to 3 am. On the contrary, you can see that the fraud rate from 6 o'clock to 22 o'clock is quite low. According to Sift Science, many of the cheatings occurred at times when ordinary people are not working, that is, they are not using the company's PC.


Below is a chart of the proportion of domain names of mails used by users who engage in fraud. Country top level domains such as ".ca (Canada)" ".br (Brazil)" .jp (Japan) ".mx (Mexico)" .fr (France) "are often used, The ratio of in (India) has exceeded 2%.


According to Sift Science, the user who engages in fraud registers multiple accounts on one device, so that as the number of accounts registered in the device increases, the possibility that cheating is being done will increase about. The graph below is a graph of the number of accounts registered in the device and the possibility that the user is performing illegal activities. Looking at the graph, users who have registered 4 to 7 accounts on one device are 15 times more likely to be cheating than normal users.


When Sift Science examined which services are more frequently used for fraudulent use, Microsoft's service is overwhelmingly popular. The graph below enumerates the domain names of free e-mails used for fraud in accordance with the percentage used, and yellow is the service provided by Microsoft. It is "outlook.com" that is nothing, followed by "live.com" and "hotmail.com". "Microsoft's service has been a long time ago and because it was very easy to create an account at that time," Sift Science speculated about why Microsoft's service is used for cheating.


Sift Science has found that users acting cheaters tend to include numerous numbers in their email addresses. Graphical representation of the possibility of misconduct and the number of figures included in the e-mail address is as follows, e-mail address containing 5 to 8 numbers is about 2% top. However, even for e-mail addresses that contain only one number, it is about 1.7%, which is a lesser proportion than others, so it is better to stop judging by just the number of digits included in the e-mail address.


Users who engage in cheating are called "Thrown awayBecause I am preparing to use the created account immediately so that it tends to use, the longer the account use period, the lower the possibility that the user is working illegitimately. Graphing the possibility of misbehaving and the period of use of the account, the probability that the account on the 0-day use period is conducting cheating is 3%, but it decreased to 1% in about 15 days. When the use period exceeds 60 days, it becomes 1% or less, and the possibility of working illegal activities further decreases.


To summarize the survey contents of Sift Science, for example, when e-mail received between 2 o'clock and 3 o'clock in the middle of the night contains numerous figures in the address and it is a domain of Microsoft's service or a top level domain of India , It is more likely to be spam mail. Although it is a bit impossible to make only the research content of Sift Science a criterion for judging whether it is fraudulent, it is good to put it in a corner of the head.

in Note, Posted by darkhorse_log