ScamChatBot: An End-to-End Analysis of Fake Account Recovery on Social Media via Chatbots

Bhupendra Acharya, Dominik Sautter, Muhammad Saad, Thorsten Holz

TL;DR

This work introduces ScamChatBot, an end-to-end framework that autonomously baits and analyzes social-media tech-support scams by deploying decoy honeyposts, engaging scammers through multilingual LLM-driven personas, and tracking their payment methods across three channels (X, Instagram, and email). By interacting with 450 scammers (out of 11,769 who engaged with decoys) and integrating data from PayPal, Chainabuse, and X, the study reveals the scam lifecycle, including victim verification, advance-fee demands, and diverse payment methods, as well as the prevalence of ML-generated text in scam communications. The system demonstrates scalable, automated scam detection and payment-profile extraction, providing valuable insights into attacker tactics, network structure, and cross-platform operations. The findings underscore the potential for industry collaboration to validate, disrupt, and deter fraud at scale, and the authors publish their tooling while withholding some sensitive data to prevent retribution.

Abstract

Social media platforms have become hubs for various user interactions covering a wide range of needs, including technical support and services related to brands, products, or user accounts. Unfortunately, there has been a recent surge in scammers impersonating official services and providing fake technical support to users through these platforms. In this study, we focus on scammers engaging in such fake technical support to target users who are having problems recovering their accounts. More specifically, we focus on users encountering access problems with social media profiles (e.g., on platforms such as Facebook, Instagram, Gmail, and X) and cryptocurrency wallets. The main contribution of our work is the development of an automated system that interacts with scammers via a chatbot that mimics different personas. By initiating decoy interactions (e.g., through deceptive tweets), we have enticed scammers to interact with our system so that we can analyze their modus operandi. Our results show that scammers employ many social media profiles asking users to contact them via a few communication channels. Using a large language model (LLM), our chatbot had conversations with 450 scammers and provided valuable insights into their tactics and, most importantly, their payment profiles. This automated approach highlights how scammers use a variety of strategies, including role-playing, to trick victims into disclosing personal or financial information. With this study, we lay the foundation for using automated chat-based interactions with scammers to detect and study fraudulent activities at scale.

Paper Structure

This paper contains 75 sections, 5 figures, 6 tables.

Figures (5)

  • Figure 1: ScamChatBot: An overview of our system, which consists of three main components: i) decoy scammers, which generate baiting tweets; ii) automated engagement, which performs a conversation with scammers via a chatbot; and iii) tracking and correlation, which provides scammers' details by tracking payment profiles and user social media profile data.
  • Figure 2: Interactions of scammers with our decoy profiles and our chatbot. The left graph shows the cumulative sum of scammers interacting with our honeyposts over the experiment duration. The middle graph shows the daily cumulative sum of scammers engaged via conversation with our system ScamChatBot. The right graph shows the cumulative sum of scammers based on various communication channel engagements with ScamChatBot.
  • Figure 3: Number of days scammers spent with our system. The graph shows the difference between the first response and the last response from scammers interacting with our system.
  • Figure 4: Chat dialogue interactions by day of the week. The graph shows the text (chat dialogue) interactions scammers performed via three different communication channels with our system ScamChatBot throughout the days of the week.
  • Figure 5: Analysis of dialogue. The left graph (a) shows the ML text score of each social media dialogue from scammers. The middle graph (b) shows the total dialogue length between our system and scammers on each platform. The right graph (c) shows the total count of dialogue interactions needed on the three platforms before the scammer discloses the payment method to request payment from the system.