CISPA Helmholtz for Info. Sec.
Stuhlsatzenhaus 5
66123 Saarbrücken, Germany
Email: fname[.]lname[@]cispa[.]de

NEWS

Dec 06, 2024:
Online Guest Speaker, Presented Talk on "Challenges and Methodologies: Empirical Study of Scams and Attacks on Social Media Platforms" at MIT (CAMS)

Sep 26, 2024:
In-person Guest Speaker, Presented Talk on "Empirical Study of Scams and Attacks on Social Media Platforms through AI-Powered Automated Engagement" at e-Crime

Aug 15, 2024:
Presented a paper "Brand Impersonation Attack" at USENIX Security

May 19, 2024:
Presented a paper "Conning the crypto conman" at IEEE S&P

Apr 30, 2024:
Invited to online research talk at Texas A&M

Apr 10, 2024:
Invited Victor Le Pochat from KU Leuven to research talk at CISPA

Feb 24, 2024:
Invited to online research talk at University of New Mexico

Feb 08, 2024:
C-Frame paper accepted to IEEE S&P

Dec 09, 2023:
Conning the Crypto conman paper accepted to IEEE S&P

Nov 26, 2023:
Attending ACM CCS'23, Copenhagen, Denmark

Nov 07, 2023:
Invited to research talk at Tulane University

See archived news

Research Interests

I'm interested in various aspects of applied security, particularly web and network security. My research aims to contribute to making the internet a safer environment, one step at a time. Below, I delineate several research topics in which I am currently engaged, collaborating with both external and internal researchers.


Large Scale Internet Cybercrimes Measurements.

My research often delves into various facets of Internet cybercrime, including but not limited to phishing, scams, illicit campaigns, money laundering, and fraud accounts that are prevalent on social media platforms and web domains. I explore how malicious actors manipulate victims into transacting via social engineering tricks, which often results in the loss of private secrets and sensitive information. I investigate the intricate network of message sharing among scammers across popular social media platforms such as WhatsApp, Facebook, Telegram, and others, which serve as ideal grounds for malicious campaign attacks. Furthermore, I analyze the current landscape of social media-based organized campaigns and examine the weaknesses in safeguarding users and organizations. Finally, based on my findings, I propose and develop robust defense mechanisms to address any identified weaknesses, aiming to fortify resilience against various phishing and scam threats.


Reveal Scammer's Modus Operandi.

Understanding the strategies employed by online scammers is crucial in combatting scams and phishing attempts on the internet. To uncover these fraudulent schemes, I frequently deploy honeypots designed to attract scammers and engage them through automated chat (LLMs), revealing their strategies and scamming payment methods. Through this approach, I provide valuable analytics that not only enhance understanding of various web-based attacks but also reveal hidden payment profiles used in scamming, which are often difficult to detect using public metadata.


Tracking Fraud Payment Profiles.

With the rise in phishing attacks, scammers are increasingly drawn to cryptocurrencies due to their enhanced anonymity, making them difficult to trace. Cryptocurrencies like Bitcoin, Monero, and others offer built-in anonymity, facilitating a safer avenue for money laundering by attackers targeting phishing victims. I monitor and offer financial loss data derived from tracking cryptocurrency addresses used in scams. As part of scam validation and mitigation, I collaborate with industry leaders like PayPal and Chainabuse Labs. The aim is to implement mechanisms for proactively blocking such fraudulent activities, thereby safeguarding web users from future abuse.


Longitudinal Study of Attacks and Biasedness.

Although researchers have studied various forms of attacks and abuses for over two decades, the detection and mitigation of such threats is biased in its efficacy, which limits the protection of users and brands. My work in this category focuses on underrepresented or biased groups that extend beyond geographical, categorical, and specific ties. To take an instance from one of the research projects on such biasedness: although research efforts like Tranco have attempted to address ranking bias by aggregating various ranking systems, this approach still fails to fully resolve the issue. Major brands like Bank of America and PayPal are heavily protected by Anti-Phishing Engines (APEs), making them more resistant to basic phishing attacks. However, regional brands and entities that cater to a smaller user base are often not safeguarded against phishing. The key areas I am currently focusing on are identifying and understanding different categorical biases in rankings, examining branding biases, analyzing current SEO algorithms and their one-size-fits-all approach, and proposing solutions to mitigate these biases. These research problems in cyber security extend beyond rankings to various forms of cybercrime. In particular, I investigate such biasedness to close the research gaps in addressing security risks.


Summary

As an applied cybercrime researcher, I am working on projects that address critical cybersecurity challenges on three topics: (i) large-scale web measurement to analyze online threats and vulnerabilities; (ii) detecting and mitigating financial crimes using AI-driven tools; and (iii) studying fraudulent operations through honeypots and real-time scam analysis, creating frameworks to enhance online security and resilience. For a comprehensive list of publications, please navigate to publications. To explore ongoing collaborations within the research lab under my supervision, visit our research lab.