—
Cybercrime is a serious issue that has the potential to have a far-reaching impact on individuals, organizations and society as a whole. Every day you hear of people being scammed online, fraudsters impersonating others on Facebook, fake images and videos, and bots on social media. Knowing about cyber security in today’s world is absolutely essential.
Today we speak to Rajvardhan Oak, a Ph.D. Student at the University of California Davis, and an Applied Scientist at Microsoft. Originally hailing from Pune in India, Rajvardhan has now become a world-leading expert in the field of cyber security and fraud. At Microsoft, he helps keep the ads network safe by preventing click fraud worth millions of dollars. His doctoral research is on investigating the underground market of fraudulent reviews on Amazon. Today we talk to him about his journey and insights into the cyber security field.
What does cyber security exactly entail, and how did you become interested in it?
Cyber security spans a wide range of topics, but the fundamental goal is keeping users and their data safe from attackers. So it can be data security (cryptography, encryption, privacy) or user security (detecting fake news and online harassment). My interest in cyber security began with cryptography, as I loved solving puzzles. Gradually, I was drawn toward other applications of security like spam, fraud, fake news, and network attacks. During my graduate studies, I became interested in using data-driven approaches and machine learning to solve such security problems.
Tell us about your work at Microsoft.
I work as an Applied Scientist in the ads fraud detection team at Microsoft. There are a lot of bad actors out there trying to game the ads ecosystem by sending fake clicks or bad traffic. My job is to research novel fraud techniques and build models that catch such traffic. I also lead investigations to analyze network traffic to determine if it is fraudulent or not.
The recent Elon Musk and Twitter debacle mentioned bots several times. As an expert, can you tell us how bots exactly work?
A bot is basically an automated program that performs certain tasks. It can create an account on Twitter, log in, post tweets, and like others – all without any human intervention. And this can be done at scale, so an attacker can run as many bots at a time as they want. This means that there are potentially thousands of fake accounts out there. So the 10k likes or retweets you see might not be by real users at all.
Your work on the fake reviews on Amazon talks about an underground market. What exactly is this market and how does it operate?
Third-party sellers try to game rankings on websites by onboarding fake reviews. The underground market consists of such sellers, agents who are contracted to seek out fake reviews, and buyers who will buy the product and write those reviews. Agents work primarily through Facebook groups, which serve as marketplaces to broker reviews and ratings; agents post the products they have and buyers respond to the products they are willing to leave a positive review for.
According to you, what is the biggest cyber security threat to society?
Phishing attacks. Most of the accounts you see being hacked are due to the victim falling prey to a phishing attack. In this kind of attack, an attacker sends you an email pretending to be someone else, and directs you to a malicious website that looks like a real one. For example, an attacker can pretend to be the Facebook Security team and send you an email saying your account has been hacked. They ask you to reset your password and direct you to a website that looks exactly like Facebook, but is not. Any credentials you enter there can be captured by the attacker.
What is some cyber security advice you’d like to leave our readers with?
Always choose strong passwords: long (at least 15 characters) and completely random. Never share your password with anyone or reuse them across websites. Do not click on a link without verifying where it leads to; always check the address bar to check that it is actually the website it claims to be. And finally, do not believe everything you see on social media just because of the likes or comments – they are very easy to inflate artificially. Do your due diligence and verify the information before believing.
—
This content is brought to you by Jacob Lee.
Photo provided by the author with written permission from owner Rajvardhan Oak.