November 4 @ 09:00 November 7 @ 16:00

APWG eCrime 2025 examines essential factors for managing the impacts of the global cybercrime plexus to secure IT users, commercial enterprises, governments, critical infrastructures, and operational technologies. eCrime 2025 will be the 20th annual peer-reviewed, publishing symposium hosted by APWG, this year focusing on AI and the growing menace of cyber-physical threats.

eCrime Venue: San Diego, California

Delegates’ Accommodations: Coronado Bay Resort

Click Here for APWG eCrime HOTEL ACCOMMODATIONS

The IEEE Computer Society’s Technical Community on Security & Privacy Is Standing as Technical Sponsor of the APWG’s 2025 Symposium on Electronic Crime Research (eCrime 2025)

 

Click Here for Abstracts of 2025's Accepted Peer-Reviewed Papers

Pre-Symopsium Surf Outing 12 PM Monday 

Counter-Cybercrime Surf Team Premiers in San Diego

Click here to reserve for Monday's Surf Safari

APWG Surf School

Get ready to catch some gnarly waves at the Coronado Surfing Academy! Join AegisAI CEO Cy Khormaee for a day of sun, surf, and fun with experienced instructors - all levels welcome. Rental and instruction fees apply. 

Programmed Sessions:

Monday, November 3Training Sessions for Cybercrime Interveners

 

12:00-2:30 PM / Room Assignment: Britannia

Can LLMs Outsmart Phishers? A Reality Check on AI Defenses

Aaron Escamilla, NetSTAR / ALPS System Integration Co., LTD

 

 

3:00-5:30 PM / Room Assignment: Britannia  

How to Build Agentic Systems to Automate Web Security

Mohamed Nabeel, Palo Alto Networks

 

12:00-2:30 PM / Room Assignment: Cambria  

Modeling for Anti-abuse: Threats, Risks, and Solutions

Laurin Weissinger, UC Berkeley

 

 

3:00-5:30 PM / Room Assignment: Cambria  
Practical API Integration: Connecting Applications to the eCrimex eXchange Data Clearinghouse

Carlos Ramirez, APWG Engineering

 

 

Click Here for Abstracts of Training Sessions for eCrime 2025

 

Monday Evening Pre-Conference Reception: Sunset Terrace 7-9 PM

Monday evening APWG members will meet on the Sunset Terrace / 7-9 PM

TUESDAY, November 4eCrime's 20th Year at the Cybercrime Frontier

9:00Introductions and appreciations
  

AI's Impact at the Cybercrime Frontier

9:15Panel: Charting the Evolutionary Arc of AI As Outlaw Operative & Cybercrime Watchman
 

Moderator: Embrima N. Ceesay, Vice President of Infrastructure, Platform Automation & Data Science, Mastercard

Dr. Saeed Abu Nimeh, Founder/CTO, Augur Security

Zara Perumal, CTO/Co-Founder of Overwatch Data

Cy Khormaee, Founder/CEO, AegisAI Security

Kevin Tian, Founder/CEO, Doppel

Fred Heiding, Postdoctoral Fellow, Harvard Kennedy School

10:30Coffee Break 
  
11:00AI-Enabled Phishing: Is the Sky Really Falling?            
 Crane Hassold, Principal Security Research Lead, Microsoft 
11:30AI-powered Spearphishing at Scale       
 

Cy Khormaee, Founder/CEO, 

AegisAI Security

12:00AI Under Siege: Dissecting the ReAct Framework Attack Surface
 Aditya K Sood, VP of Security Engineering and AI Strategy, Aryaka
12:30Lunch Break 
 

 

Mapping Cybercrime's Fraud Ecosystem

1:30Phishing Landscape 2025: Phishing’s Gotten Worse, and Here’s Why               
 Greg Aaron, President, Illumintel, Inc. / APWG Senior Research Fellow / Associate,  Interisle Consulting Group
2:00Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies
 Morium Akter Munny (California State University San Marcos)
2:20Outsmarting Crimebots: How Graph Analytics and Fingerprints Beat Static Rules                     
 

Aaron Escamilla, Cyber Security Engineer

NetSTAR / ALPS System Integration Co., LTD

 

Grids, Infrastructure & Cybercrimes of Scale

Moderator: Laurin Weissinger, eCrime 2025 General Chair

2:50Inside China’s Power Grid Hacking Research                                     
 

Erika Langerová, Head of Cybersecurity Research

České Vysoké Učení Technické V Praze

Univerzitní Centrum Energeticky Efektivních Budov

 

3:20BADBOX 2.0: The Largest Botnet of Infected CTV Devices Ever Uncovered                              
 

Gavin Reid, CISO

HUMAN Security / Satori Threat Intelligence & Research Team

Lindsay Kaye

VP, Threat Intelligence

3:50SAETI: State-Actor Empowered Threat,Intelligence... A Good or a Bad thing?                              
 

Righard Zwienenberg, Senior Research Fellow, ESET

Eddy Willems, Evangelist, WAVCi

7:00APWG eCrime Speakers' Dinner at a location to be announced
eCrime 2025's speakers' dinner will convene after the first day's proceedings to thank our speakers for advancing our delegations' understanding of the cybercrime experience 

WEDNESDAY, November 5Day 2: Cybercrime Fighting in the AI Epoch 

 

The New New Cybercrimes and Their Consequences

9:15Quantum-Enabled Cybercrime: A Portfolio Analysis of Cryptocurrency Theft and Double-Spending                                       
 

Zhen Li (Albion College)

Qi Liao (Central Michigan University)

9:35Unicorns in the Wild West: Empirical Analysis of Cybercrime Facilitated by Cryptocurrencies                                            
 

Tyler Moore, Arghya Mukherjee (The University of Tulsa)                               

10:55Short Path to Phishing: Identifying Misused URL Shortening Services in the Wild
 

Zul Odgerel (Université Grenoble Alpes / KOR Labs) 

Yevheniya Nosyk, Jan Bayer, Sourena Maroofi, Louis Bedeschi (KOR Labs) 

Andrzej Duda (Université Grenoble Alpes)

Maciej Korczyński (Université Grenoble Alpes) 

10:15Coffee Break                          
  

 

Isolating Cybercrime Signal in an Epoch of Pandemic Noise

11:00Lost in Translation: Analyzing Non-English Cybercrime Forums
 Mariella Mischinger (IMDEA Networks and Universidad Carlos III de Madrid)
11:20Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications
 Sam Cheadle, Carlos Hernandez Ganan, Siôn Lloyd, Samaneh Tajalizadehkhoob (ICANN) 
11:40SHADOWBOX: A Low-Artifact Framework for Analyzing Evasive Cyber Crimes
 Javad Zandi, Lalchandra Rampersaud, Amin Kharraz (Florida International University)
12:00Lunch Break                         
  

Crimebot v. Robocop: Defensive AI at the Parapets

1:30"Send to which account?” Evaluation of an LLM-based Scambaiting System
 Hossein Siadati (Cybera)
1:50Defense of the Clones: Securing Web Applications with Automatic Honeypot Generation and Deployment
 Billy Tsouvalas, Nick Nikiforakis (Stony Brook University)
2:10Contextual Classification of Cybercriminal Posts Using Large Language Models: A Comprehensive Study on Tech Support Scam Marketplaces
 

Raghavendra Cherupalli, Yi Ting Chua, Weiping Pei, Tyler Moore (University of Tulsa)

Gary Warner (UAB (University of Alabama at Birmingham) 

2:30Family Ties: A Close Look at the Influence of Static Features on the Precision of Malware Family Clustering
 

Antonino Vitale, Simone Aonzo, Davide Balzarotti (EURECOM)

Kevin van Liebergen, Juan Caballero (IMDEA Software Institute) 

Savino Dambra (Gen Digital) 

Platon Kotzias (BforeAI) 

2:50ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity
 

Beliz Kaleli [corresponding author], Fang Liu, Oleksii Starov, Tony Li (Palo Alto Networks)

Manuel Egele, Gianluca Stringhini (Boston University)

THURSDAY, November 6Day 3: Human Factors & Domestic Contexts

 

Moderator: Aimee Larsen-Kirkpatrick, President, STOP. THINK. CONNECT. Messaging Convention

 

8:30AI Will Increase the Quantity - and Quality - of Phishing Scams
 Fred Heiding, Postdoctoral Fellow, Harvard Kennedy School
9:15

PANEL: Limits of User Security Burdens in a Pandemic of Nearly Imperceptible Falsity & Fraud

 Moderator: TBA
10:15Beaver: Estimating Future Risks at Scale in Real-World Deployments
 

Jessica Balaquit, Marco Balduzzi, Roel Reyes, Ryan Flores  (Trend Micro Research)

10:35Catch Me If You Scan: A Longitudinal Analysis of Stalkerware Evasion Tactics
 Anahitha Vijay,  Luis A. Saavedra, Alice Hutchings (University of Cambridge) 
10:55Department-Specific Security Awareness Campaigns: A Cross-Organizational Study of HR and Accounting
 

Matthias Pfister, Irdin Pekaric (University of Liechtenstein) 

Giovanni Apruzzese (University of Liechtenstein, University of Reykjavik) 

11:15Just in Plain Sight: Unveiling CSAM Distribution Campaigns on the Clear Web
 

Nikolaos Lykousas (Data Centric) 

Constantinos Patsakis (University of Piraeus) 

11:35

Safeguarding Futures: Exploring the Impacts of Generative AI on Child Online Protection in Nepal

 

Anil Raghuvanshi, ChildSafe.Net and UNICEF

11:55Social Engineering / Second Edition                                                                      
 

Righard Zwienenberg, Senior Research Fellow, ESET

Eddy Willems, Evangelist, WAVCi 

12:20LUNCH BREAK
 Trade Fair Opens / Posters on Display

THURSDAY's proceedings continueCybercrime's Marketplaces & Finances

 

Mapping the Cybercrime Marketplace

1:15Uncovering the Trust Signals Supporting Telegram’s Cybercrime Economy
 

Roy Ricaldi, Luca Allodi (Eindhoven University of Technology)

Tina Marjanov, Alice Hutchings (University of Cambridge)

1:35Is Ransomware an Economically Distinct Attack Type? An Event Study of Market Reactions
 

Ambarish Gurjar, Dalyapraz Manatova, Benjamin Staples, Spencer Chambers, Jean Camp (Indiana University Bloomington) 

1:55COFFEE BREAK
 Trade Fair Opens / Posters on Display

 

Cybercriminal Finance & Crypto as Laundering Engine

2:45From Lamborghinis to Ladas: Empirical Analysis of LockBit's Business Operations
 Ian Gray (New York University) 
3:05Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire
 Felipe Castaño, Francesco Zola (Vicomtech), Constantinos Patsakis (University of Piraeus), Fran Casino (Rovira i Virgili University)
3:25The Dark Art of Financial Disguise in Web3: Money Laundering Schemes and Countermeasures
 

Hesam Sarkhosh Sarkendi, Uzma Maroof, Diogo Barradas (University of Waterloo) 

THURSDAY NIGHT CHALK TALKWIPs, Demos, Collaboration Opportunities & Wild Ideas Worthy of Domestication

5:30

The APWG’s Symposium on Electronic Crime (eCrime) invites: cybercrime research demonstrations; works in progress and  research proposals that exhibit important results and suggest applications; and telling comparative analyses from across the cybercrime and anti-abuse landscape.

 

Victim as a Service: Designing a System for Engaging with Interactive Scammers

Daniel Spokoyny, Beesafe.ai and Nikolai Vogler, UCSD.

 

In this talk, we describe the motivation, design, implementation, and experience with an LLM-based system that automates long-term, conversational engagement with online scammers such as pig butchering operations, across a number of media and communications channels. Increasingly common and the source of significant public losses (at least $75B by one recent study), their long-term conversational nature makes these scams extremely challenging to investigate at scale, requiring systemic artificial engagement. 

 

Chalk Talk proposals to: ecrime2025@apwg.org

Venue: TBA

 

Click Here for eCrime 2025 Chalk Talk Call for Presentations

 

Your Chalk Talk Moderators:

Dr. Stefan Savage (UCSD) and Darin Andersen (NXT Robotics, The Antara Group, MetropolisIQ, Middlemarch Fund)

 

Join APWG eCrime delegates and industrial correspondents for a semi-formal chalk talk session to discuss works in progress in the laboratory, collaborations opportunities, R&D ideas - and to witness first hand demos of working technologies that may soon be managing the chaos of the cybercrime frontier. Details to be posted soonest.

 

 

FRIDAY: POLICY ROUNDTABLERoundtable on Measurement, Transparency, and Cyber Integrity Policy

Moderators: KC Claffy, CAIDA & Laurin Weissinger, UC Berkeley 

 

9:30 AM – 1 PM

 

Objective:

 

To identify practical paths toward greater rigor and openness in measuring cybercrime phenomena—balancing the needs of research, industry, and policy.

 

Timing

 

9:30 – 9:40 AM — Welcome and Framing

  • Purpose: Introduce participants, clarify goals, and situate the discussion within current APWG efforts and the conference presentations
  • Prompt:
    • Why does measurement and transparency matter now?
    • What are today’s biggest coordination or trust barriers?

       

9:40 – 10:15 AM — Scene-Setting: The Landscape of Measurement and Transparency

  • Short Inputs (5-7 min each) from:
  • CAIDA/UCSD Sysnet: Research-driven measurement—limits and gaps.
  • TBA: Industry telemetry, operational sensitivities, and disclosure.
  • TBA: The discipline of technical diplomacy in establishing specification, convention & standardized vocabularies and taxonomies on a global basis
  • TBA: Cloud-scale data perspectives.
  • APWG: Coordination and data-sharing across communities in cyber—and in comparison to other sectoral exchanges for risk management and research.
  • Moderator summary: Cross-cutting observations—where measurement and transparency intersect. 

     

10:15 – 10:40 AM – Break

 

10:40 – 11:40 AM — Roundtable I: Measurement in Practice

 

Focus: How do we measure what matters?

  • What types of data (DNS, abuse feeds, sinkholes, telemetry) are most informative?
  • How can relevant anti-abuse communities define ontological/epistemological concepts (e.g. what is abusive), methodologies, and measurement approaches in ways that can be shared by all counter-cybercrime stake-holding communities?
  • How do organizations validate and reconcile conflicting datasets?
  • What incentives or standards could raise measurement quality?
  • Where are the persistent blind spots—technical, legal, or resource-based?
    Outcome: Draft 2–3 short “measurement principles” for shared reliability.

 

11:40 – 11:55 AM — Break

 

11:55 AM – 12:55 PM — Roundtable II: Transparency—What, Why, and How Much?

 

Focus: Enabling trust and accountability without compromising security.

  • What forms of transparency (methodology disclosure, shared metrics, public dashboards, inter-org access) build the most value?
  • Where do confidentiality, privacy, or competitive limits justifiably constrain openness?
  • What models for controlled transparency (e.g., vetted sharing frameworks) could work?
  • Could a common taxonomy or data-trust structure improve global understanding of cybercrime data?
    Outcome: Identify 2–3 actionable opportunities for collaborative transparency pilots.

     

 12:55 – 1:00 PM — Wrap-Up and Next Steps

 

  • Summarize takeaways and proposed collaborations.
  • Note follow-on actions: working group, shared document, or pilot proposal for APWG 2026.

 

Suggested Reading:

https://nap.nationalacademies.org/catalog/29048/cybercrime-classification-and-measurement

 

Important Dates (peer-review papers):

Notification of acceptance: September 5th – 9th, 2025

 

Conference: November 4 – 7, 2025

 

Camera-ready paper due: November 30th, 2025

 

The selected peer-reviewed papers will be presented at the eCrime symposium along with panels and talks in General Sessions from other researchers selected from industrial and academic research centers correspondent with the APWG.


General Information
eCrime sessions and proceedings are in English.
 
The San Diego venue and accommodation at Loews Coronado Bay can be inspected here: https://www.loewshotels.com/coronado-bay-resort/111025-ecrime-2025


Please contact the APWG eCrime organizers for any other details via email at apwg_events@apwg.org.
 
Discounts
Students requiring discounts should contact symposium managers at apwg_events@apwg.org
 
IEEE members and partners requiring discounts should contact symposium managers at apwg_events@apwg.org

 

Discount codes are also available for university researchers, government personnel and law enforcement professionals from pubic-sector agencies as well as for IEEE members.

 

Please contact the APWG eCrime organizers for details via email at: apwg_events@apwg.org.

 

Conference Sponsorship Opportunities 

Sponsorship opportunities for APWG members and third parties are available here:

https://apwg.org/wp-content/uploads/2025/06/APWG_eCrime2025_SAN_DIEGO_Sponsorship_Memo-1.pdf