CISPA Hemlholtz for Info. Sec.
Stuhlsatzenhaus 5
66123 Saarbrücken, Germany


May 19, 2024:
Presented a paper "Conning the crypto conman" at IEEE S&P

Apr 30, 2024:
Invited to online research talk at Texas A&M

Apr 10, 2024:
Invited Victor Le Pochat from KU Leuven to research talk at CISPA

Feb 24, 2024:
Invited to online research talk at University of New Mexico

Feb 08, 2024:
C-Frame paper accepted to IEEE S&P

Dec 09, 2023:
Conning the Crypto conman paper accepted to IEEE S&P

Nov 26, 2023:
Attending ACM CCS'23 , Copenhagen, Denmark

Nov 07, 2023:
Invited to research talk at Tulane University

Aug 11, 2023:
Attending USENIX Security'23 , Anaheim, CA

Mar 01, 2023:
Starting as a postdoc at CISPA at Professor Thorsten Holz's Lab

Feb 24, 2023:
Invited to research talk at CalState LA, Los Angeles, LA

Nov 09, 2022:
PhD Defense Completed

Aug 11, 2021:
PhishPrint paper zoom based presentation at USENIX

See archived news

I am actively seeking an Assistant Professor position (research oriented PhD school) and open to connect!


Short Bio. I am a postdoctoral researcher at CISPA Helmholtz Center for Information Security (March 2023 - present). I work with Prof. Thorsten Holz at SysSec Lab . I completed my Ph.D. at University of New Orleans under the supervision of Prof. Phani Vadrevu. My Ph.D. (Jan 2018- Dec 2022) work primarily focused on areas of Phishing, Web Security Crawlers, Browser Fingerprinting, and building tools for large-scale measurement using honeypots. I have been blessed to have two great advisors Prof. Thorsten Holz and Prof. Phani Vadrevu who have (had) guided me to become the person I wanted to aspire for. Before academia, I worked for 7+ years (2011-2018) in several industries (Amazon, Raima, Microsoft (contract)) performing software development and assurances. I often collaborate with researchers from diverse institutes, and fortunate to mentor several master’s and bachelor’s thesis students at SysSec Lab.

Current Focus. Currently, my focus as a postdoctoral researcher revolves around gaining insights into ongoing web scams and attacks. The overarching goal is to devise effective defense mechanisms against such threats. My ongoing research encompasses the following areas -

i) Investigating the comprehensive modus operandi of scammers in real-world scenarios
ii) Developing a honeypot model capable of automatically profiling abusing malicious actors
iii) Exposing fraudulent payment profiles established by scammers to facilitate illicit transactions
iv) Designing proactive mitigation strategies to combat abuse and attacks in-the-wild

Applied Research/Industry Partners. I often engage in collaborations with leading payment service providers like PayPal Inc. and cryptocurrency firms such as TRM Labs. These partnerships facilitate the reporting of identified scamming payment profiles and abuse, aiming to prevent any subsequent misuse or attacks that these detected scamming accounts might perpetrate in the broader digital landscape.

Selected Publications

Here are a few handpicked publications that are published in esteemed venues. For full publications, please refer to publications page.

  1. The Imitation Game: Exploring Brand Impersonation Attacks on Social Media Platforms
    Bhupendra Acharya, Dario Lazzaro, Antonio Emanuele Cinà, Lea Schönherr, Efren Lopez Morales, Muhammad Saad, Adam Oest, Thorsten Holz
    Proceedings of The 33rd USENIX Security Symposium (USENIX Security)
    Philadelphia, PA, USA, 2024.

  2. Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams
    Bhupendra Acharya, Muhammad Saad, Antonio Emanuele Cinà, Lea Schönherr, Hoang Dai Nguyen, Adam Oest, Phani Vadrevu, Thorsten Holz
    Proceedings of The 45th IEEE Symposium on Security and Privacy (IEEE S&P)
    San Francisco, CA, May 2024.

  3. C-FRAME: Characterizing and Measuring in-the-wild CAPTCHA Attacks
    Hoang Dai Nguyen, Karthika Subramani, Bhupendra Acharya, Roberto Perdisci, Phani Vadrevu
    Proceedings of The 45th IEEE Symposium on Security and Privacy (IEEE S&P)
    San Francisco, CA, May 2024.

  4. PhishPrint:Evading Phishing Detection Crawlers by Prior Profiling
    Bhupendra Acharya, Phani Vadrevu
    Proceedings of The 30th USENIX Security Symposium (USENIX Security)
    Vancouver, BC, Canada, Aug 11-13, 2021

  5. Last updated: June 01, 2024