Saved in:
Bibliographic Details
Main Authors: Paudel, Pujan, Stringhini, Gianluca
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2509.12181
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866911155724746752
author Paudel, Pujan
Stringhini, Gianluca
author_facet Paudel, Pujan
Stringhini, Gianluca
contents Online e-commerce scams, ranging from shopping scams to pet scams, globally cause millions of dollars in financial damage every year. In response, the security community has developed highly accurate detection systems able to determine if a website is fraudulent. However, finding candidate scam websites that can be passed as input to these downstream detection systems is challenging: relying on user reports is inherently reactive and slow, and proactive systems issuing search engine queries to return candidate websites suffer from low coverage and do not generalize to new scam types. In this paper, we present LOKI, a system designed to identify search engine queries likely to return a high fraction of fraudulent websites. LOKI implements a keyword scoring model grounded in Learning Under Privileged Information (LUPI) and feature distillation from Search Engine Result Pages (SERPs). We rigorously validate LOKI across 10 major scam categories and demonstrate a 20.58 times improvement in discovery over both heuristic and data-driven baselines across all categories. Leveraging a small seed set of only 1,663 known scam sites, we use the keywords identified by our method to discover 52,493 previously unreported scams in the wild. Finally, we show that LOKI generalizes to previously-unseen scam categories, highlighting its utility in surfacing emerging threats.
format Preprint
id arxiv_https___arxiv_org_abs_2509_12181
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle LOKI: Proactively Discovering Online Scam Websites by Mining Toxic Search Queries
Paudel, Pujan
Stringhini, Gianluca
Cryptography and Security
Online e-commerce scams, ranging from shopping scams to pet scams, globally cause millions of dollars in financial damage every year. In response, the security community has developed highly accurate detection systems able to determine if a website is fraudulent. However, finding candidate scam websites that can be passed as input to these downstream detection systems is challenging: relying on user reports is inherently reactive and slow, and proactive systems issuing search engine queries to return candidate websites suffer from low coverage and do not generalize to new scam types. In this paper, we present LOKI, a system designed to identify search engine queries likely to return a high fraction of fraudulent websites. LOKI implements a keyword scoring model grounded in Learning Under Privileged Information (LUPI) and feature distillation from Search Engine Result Pages (SERPs). We rigorously validate LOKI across 10 major scam categories and demonstrate a 20.58 times improvement in discovery over both heuristic and data-driven baselines across all categories. Leveraging a small seed set of only 1,663 known scam sites, we use the keywords identified by our method to discover 52,493 previously unreported scams in the wild. Finally, we show that LOKI generalizes to previously-unseen scam categories, highlighting its utility in surfacing emerging threats.
title LOKI: Proactively Discovering Online Scam Websites by Mining Toxic Search Queries
topic Cryptography and Security
url https://arxiv.org/abs/2509.12181