November 4 @ 09:00 November 7 @ 16:00

 

APWG eCrime 2025 examines essential factors for managing the impacts of the global cybercrime plexus to secure IT users, commercial enterprises, governments, critical infrastructures, and operational technologies. eCrime 2025 will be the 20th annual peer-reviewed, publishing symposium hosted by APWG, this year focusing on AI and the growing menace of cyber-physical threats.

 

eCrime Venue: San Diego, California

Delegates’ Accommodations: Coronado Bay Resort

 

Click Here for APWG eCrime HOTEL ACCOMMODATIONS

 

The IEEE Computer Society’s Technical Community on Security & Privacy Is Standing as Technical Sponsor of the APWG’s 2025 Symposium on Electronic Crime Research (eCrime 2025)

 

 

Click Here for Abstracts of 2025's Accepted Peer-Reviwed Papers

 

Programmed Sessions:

 

Monday, November 3/ Training Sessions for Cybercrime Interveners

 

12:00-12:30 PM / Room Assignment: Britannia

Can LLMs Outsmart Phishers? A Reality Check on AI Defenses

Aaron Escamilla, NetSTAR / ALPS System Integration Co., LTD

 

3:00-5:30 PM / Room Assignment: Britannia  

How to Build Agentic Systems to Automate Web Security

Mohamed Nabeel, Palo Alto Networks

 

12:00-2:30 PM / Room Assignment: Cambria  

Modeling for Anti-abuse: Threats, Risks, and Solutions

Laurin Weissinger, UC Berkeley

 

3:00-5:30 PM / Room Assignment: Cambria  
 TBA

 

Click Here for Abstracts of Training Sessions for eCrime 2025

 

APWG eCrime 2025 Monday Night Reception

Monday evening APWG members will meet on the Sunset Terrace / 7-9 PM

 

TUESDAY, November 4/ Introductions & eCrime 20th Year Review

 

9:15Panel: Charting the Evolutionary Arc of AI As Outlaw Operative & Cybercrime Watchman
 

Moderator: Embrima N. Ceesay, Vice President of Infrastructure, Platform Automation & Data Science, Mastercard

Dr. Saeed Abu Nimeh, Founder/CTO, Augur Security

Zara Perumal, CTO/Co-Founder of Overwatch Data

Cy Khormaee, Founder/CEO, AegisAI Security

Kevin Tian, Founder/CEO, Doppel

Fred Heiding, Post Doctoral Fellow, Harvard Kennedy School

10:45Coffee Break 
  

 

AI's Impact at the Cybercrime Frontier

 

11:15AI Will Increase the Quantity - and Quality - of Phishing Scams
 Fred Heiding, Post Doctoral Fellow, Harvard Kennedy School   
11:35AI-Enabled Phishing: Is the Sky Really Falling?                                
 Crane Hassold, Principal Security Research Lead, Microsoft
12:05AI-powered Spearphishing at Scale                                                    
 

Cy Khormaee, Founder/CEO, 

AegisAI Security

12:35AI Under Siege: Dissecting the ReAct Framework Attack Surface
 

Aditya K Sood, VP of Security Engineering and AI Strategy, Aryaka

 

1:00Lunch Break                         
  

Mapping Cybercrime's Fraud Ecosystem

Moderator: Brad Wardman, Coinbase / APWG Board of Directors

 

2:00Phishing Landscape 2025: Phishing’s Gotten Worse, and Here’s Why
 Greg Aaron, President, Illumintel, Inc. / APWG Senior Research Fellow / Associate,  Interisle Consulting Group
2:30Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies
 Morium Akter Munny (California State University San Marcos)
2:50Wireless Data Exfiltration Using LoRa Devices                                   
 

IoT as Cybercrime Co-conspirator:

Roger Thompson

Thompson Security Research

3:20Outsmarting Crimebots: How Graph Analytics and Fingerprints Beat Static Rules                     
 

Aaron Escamilla, Cyber Security Engineer

NetSTAR / ALPS System Integration Co., LTD

 

 

Grids, Infrastructure & Cybercrimes of Scale

Moderator: Laurin Weissinger, eCrime 2025 General Chair

 

3:50Inside China’s Power Grid Hacking Research                                     
 

Erika Langerová, Head of Cybersecurity Research

České Vysoké Učení Technické V Praze

Univerzitní Centrum Energeticky Efektivních Budov

4:20BADBOX 2.0: The Largest Botnet of Infected CTV Devices Ever Uncovered                              
 

Lindsay Kaye

VP, Threat Intelligence

Gavin Reid, CISO

HUMAN Security / Satori Threat Intelligence & Research Team

4:50SAETI: State-Actor Empowered Threat,Intelligence... A Good or a Bad thing?                              
 

Righard Zwienenberg, Senior Research Fellow, ESET

Eddy Willems, Evangelist, WAVCi

 

WEDNESDAY, November 5/ Day 2: Cybercrime Fighting in the AI Epoch 

 

The New New Cybercrimes and Their Consequences

9:15Quantum-Enabled Cybercrime: A Portfolio Analysis of Cryptocurrency Theft and Double-Spending                                       
 

Zhen Li (Albion College)

Qi Liao (Central Michigan University)

10:05Unicorns in the Wild West: Empirical Analysis of Cybercrime Facilitated by Cryptocurrencies                                            
 

Tyler Moore, Arghya Mukherjee (The University of Tulsa)                               

10:25Short Path to Phishing: Identifying Misused URL Shortening Services in the Wild
 

Zul Odgerel (Université Grenoble Alpes / KOR Labs) 

Yevheniya Nosyk, Jan Bayer, Sourena Maroofi, Louis Bedeschi (KOR Labs) 

Andrzej Duda (Université Grenoble Alpes)

Maciej Korczyński (Université Grenoble Alpes) 

10:45Coffee Break                          
  

 

Isolating Cybercrime Signal in an Epoch of Pandemic Noise

11:30Lost in Translation: Analyzing Non-English Cybercrime Forums
 Mariella Mischinger (IMDEA Networks and Universidad Carlos III de Madrid)
11:50Detecting Malicious Domain Registration Batches: Patterns, Prevalence, and Security Implications
 Sam Cheadle, Carlos Hernandez Ganan, Siôn Lloyd, Samaneh Tajalizadehkhoob (ICANN) 
12:10SHADOWBOX: A Low-Artifact Framework for Analyzing Evasive Cyber Crimes
 Javad Zandi, Lalchandra Rampersaud, Amin Kharraz (Florida International University)
12:30Lunch Break                         
  

Crimebot v. Robocop: Defensive AI at the Parapets

1:45"Send to which account?” Evaluation of an LLM-based Scambaiting System
 Hossein Siadati (Cybera)
2:05Defense of the Clones: Securing Web Applications with Automatic Honeypot Generation and Deployment
 Billy Tsouvalas, Nick Nikiforakis (Stony Brook University)
2:25Contextual Classification of Cybercriminal Posts Using Large Language Models: A Comprehensive Study on Tech Support Scam Marketplaces
 

Raghavendra Cherupalli, Yi Ting Chua, Weiping Pei, Tyler Moore (University of Tulsa)

Gary Warner (UAB (University of Alabama at Birmingham) 

2:45Family Ties: A Close Look at the Influence of Static Features on the Precision of Malware Family Clustering
 

Antonino Vitale, Simone Aonzo, Davide Balzarotti (EURECOM)

Kevin van Liebergen, Juan Caballero (IMDEA Software Institute) 

Savino Dambra (Gen Digital) 

Platon Kotzias (BforeAI) 

3:05ScanWars: (A Multi-network Approach to Detecting and Analyzing) The Rise of Scanning Activity
 

Beliz Kaleli [corresponding author], Fang Liu, Oleksii Starov, Tony Li (Palo Alto Networks)

Manuel Egele, Gianluca Stringhini (Boston University)

 

THURSDAY, November 6/ Human Factors & Domestic Contexts

 

Moderator: Aimee Larsen-Kirkpatrick, President, STOP. THINK. CONNECT. Messaging Convention

 

8:30Child Identity Theft and Socially Engineered Attacks                                    
 Tracy (Kitten) Goldberg, Javelin Research
9:15

PANEL: Limits of User Security Burdens in a Pandemic of Nearly Imperceptible Falsity & Fraud

 Moderator: TBA
10:00Beaver: Estimating Future Risks at Scale in Real-World Deployments
 

Jessica Balaquit, Marco Balduzzi, Roel Reyes, Ryan Flores  (Trend Micro Research)

10:20Royal Rumble: How QR Codes Tag-Team Human Psychology to Deliver the Perfect Attack
 

Andrew Williams

Principal Product Marketing Manager, mimecast

10:40Catch Me If You Scan: A Longitudinal Analysis of Stalkerware Evasion Tactics
 Anahitha Vijay,  Luis A. Saavedra, Alice Hutchings (University of Cambridge) 
11:00Department-Specific Security Awareness Campaigns: A Cross-Organizational Study of HR and Accounting
 

Matthias Pfister, Irdin Pekaric (University of Liechtenstein) 

Giovanni Apruzzese (University of Liechtenstein, University of Reykjavik) 

11:20Just in Plain Sight: Unveiling CSAM Distribution Campaigns on the Clear Web
 

Nikolaos Lykousas (Data Centric) 

Constantinos Patsakis (University of Piraeus) 

11:40

Safeguarding Futures: Exploring the Impacts of Generative AI on Child Online Protection in Nepal

 

Anil Raghuvanshi, ChildSafe.Net and UNICEF

12:00Social Engineering / Second Edition                                                                      
 

Righard Zwienenberg, Senior Research Fellow, ESET

Eddy Willems, Evangelist, WACCi 

12:30LUNCH BREAK
 Trade Fair Opens / Posters on Display

 

Mapping the Cybercrime Marketplace

1:30Uncovering the Trust Signals Supporting Telegram’s Cybercrime Economy
 

Roy Ricaldi, Luca Allodi (Eindhoven University of Technology)

Tina Marjanov, Alice Hutchings (University of Cambridge)

1:50Is Ransomware an Economically Distinct Attack Type? An Event Study of Market Reactions
 

Ambarish Gurjar, Dalyapraz Manatova, Benjamin Staples, Spencer Chambers, Jean Camp (Indiana University Bloomington) 

2:10COFFEE BREAK
 Trade Fair Opens / Posters on Display

 

Cybercriminal Finance & Crypto as Laundering Engine

2:55From Lamborghinis to Ladas: Empirical Analysis of LockBit's Business Operations
 Ian Gray (New York University) 
3:15Inside LockBit: Technical, Behavioral, and Financial Anatomy of a Ransomware Empire
 Felipe Castaño, Francesco Zola (Vicomtech), Constantinos Patsakis (University of Piraeus), Fran Casino (Rovira i Virgili University)
3:35The Dark Art of Financial Disguise in Web3: Money Laundering Schemes and Countermeasures
 

Hesam Sarkhosh Sarkendi, Uzma Maroof, Diogo Barradas (University of Waterloo) 

 

Important Dates (peer-review papers):

Notification of acceptance: September 5th – 9th, 2025

 

Conference: November 4 – 7, 2025

 

Camera-ready paper due: November 30th, 2025

 

The selected peer-reviewed papers will be presented at the eCrime symposium along with panels and talks in General Sessions from other researchers selected from industrial and academic research centers correspondent with the APWG.


General Information
eCrime sessions and proceedings are in English.
 
The San Diego venue and accommodation at Loews Coronado Bay can be inspected here: https://www.loewshotels.com/coronado-bay-resort/111025-ecrime-2025


Please contact the APWG eCrime organizers for any other details via email at apwg_events@apwg.org.
 
Discounts
Students requiring discounts should contact symposium managers at apwg_events@apwg.org
 
IEEE members and partners requiring discounts should contact symposium managers at apwg_events@apwg.org

 

Discount codes are also available for university researchers, government personnel and law enforcement professionals from pubic-sector agencies as well as for IEEE members.

 

Please contact the APWG eCrime organizers for details via email at: apwg_events@apwg.org.
 

Solicited Research Topics for APWG eCrime 2025
Since 2006, APWG eCrime has cast its call for papers in relevant research disciplines, focusing in large part on financial crimes that abuse Internet technologies and IT to victimize users, enterprises and their brands. 
 
From 2025 forward, APWG eCrime is also specifically soliciting original research on cyber-physical systems and operational technologies abused in the furtherance of any crime: cyber (digital) or manifested in physical spaces, such as homes, enterprises, roadways, public spaces and critical infrastructure.

 

eCrime’s curators define these cybercrimes as those that exploit, disrupt, or manipulate cyber-physical systems or operational technologies — systems that integrate control, feedback, and communication mechanisms across digital, mechanical, and biological domains. 

 

The selected peer-reviewed papers will be presented at the eCrime symposium along with panels and talks in General Sessions from other researchers selected from industrial and academic research centers correspondent with the APWG.
 
Alongside this expanded topic spectrum, eCrime 2025 is also soliciting papers that speak to the following topics and issues: 
 
Economic foundations of: cybercrime cyber-physical crimes; and other abuses of IT for criminal enterprise 
 
Behavioural and psychosocial aspects of cybercrime; and cyber-physical system victimization and prevention
 
Emerging technological exposures, vulnerabilities, and risks
 
Architectural vulnerabilities (of products, operational technologies, infrastructures and cyber-physical systems) that advantage criminal actors 
 
New or improved techniques to detect and respond to cybercrime and cyber-physical crimes of all types
 
How to accurately measure and understand the health and resilience of systems, networks, infrastructures and users against cybercrime
 
Addressing challenges of cybercrime’s increasing complexity (e.g. digital infrastructures, crime-fighting/forensic techniques, and the structure of the crimes themselves)
 
Measuring and modelling of cybercrime/cyber-physical system crimes and related criminal enterprises for operational protection routines
 
Measuring and modelling of cybercrime/cyber-physical system crimes and related criminal enterprises for informing rational underwriting instrumentation developed by commercial insurers
 
Analysis and modelling of the cybercrime and abuse risk landscape 
 
Cybercrime/cyber-physical system crime payload delivery strategies and countermeasures (e.g. spam, mobile apps, social engineering, etc.)
 
Application of public policy and law for the programmatic suppression of common cybercrimes; crimes against or involving cyber-physical systems and related abuses
 
Policy and legal challenges as they relate to actually developing and sustaining anti-cybercrime practices and policies
 
Cryptocurrency crimes and related cybercrimes, and the forensic tools and techniques required to measure, prevent, and counter these crimes
 
Case studies of current cybercrime/cyber-physical system attack methods (e.g. phishing, malware, rogue antivirus programs, pharming, ransomware, crimeware, botnets, and emerging techniques)
 
Detecting and preventing abuse of internet infrastructure to neutralize cybercrimes/cyber-physical system crimes and abuses
 
Detecting and isolating cybercriminal gangs and their money laundering routines and enterprises
 
Cybercrime’s evolution in specific verticals (e.g. financial services, e-commerce, health and energy, etc.)
 
Cybercriminal cloaking techniques, and counter-cloaking tools and approaches
 
Design and evaluation of UI/UXs to neutralize fraud and enhance user security and cybercrime awareness
 
Novel methods for measuring cybercrime and related abuses for development of defensive routines and programs
 
 
Guidance for Authors
Submit papers here:  https://ecrime2025.hotcrp.com
 
eCrime has adopted the IEEE publication format. Submissions should be in English, in PDF format with all fonts embedded, and formatted using the IEEE conference template, which can be found at:
 
http://www.ieee.org/conferences_events/conferences/publishing/templates.html.
 
Submissions must include author names and affiliations, but should otherwise be anonymized. Authors’ own work should be referred to in the third person.
 
Papers should not exceed 12 letter-sized pages, excluding the bibliography and appendices. Committee members are not required to read appendices, so ensure that the main paper is intelligible without them.
 
Submitted papers that do not adhere to all the above guidelines may be rejected without consideration of their merits.
 
Authors of accepted papers must register for the event and present in person. Remote presentations delivered live and/or pre-recorded presentations will be considered in limited circumstances (e.g. where the lead author presents remotely and a co-author attends in person).
 
Authors will be asked to indicate whether they would like their submissions to be considered for the Best Student Paper Award. Any paper co-authored by a full-time student is eligible for this award.
 
Authors of accepted papers must guarantee that their paper will be presented at the conference. APWG eCrime understands that some authors may face difficulties in obtaining funding to attend the conference. Therefore, a limited number of stipends are available for those who are unable to secure funding. Students who will present their accepted papers themselves will be given priority in receiving this assistance.
 
 
Call for Training Day Proposals
Are you an expert in a cybercrime research, cyber forensics or related investigation methods? Do you use a specialised resource/repository and want to show others how to use it too (or use it better)? Have you authored a new framework or modelling technique that you think more people should know about? 
 
For the first time at eCrime 2025, APWG will feature a pre-conference eCrime Training Day for researchers and industry practitioners. Trainers will have the opportunity to discuss their areas of expertise with attendees on Monday, November 3, the day before the conference begins (on 4 November). These longer sessions are aimed at transferring skills and passing the torch to a new generation of researchers and practitioners.
 
Sessions could focus on a variety of relevant topics, such as: 
 
How to collect, use, and analyse cybercrime data in investigations and/or research projects 
 
How to investigate key data repositories, such as the DNS ecosystem, for research and investigations
 
New modelling methods for cyber threats, risks, and vulnerabilities
 
How to engage with policymakers as a cyber researcher or industry expert
 
An intro session for cybercrime researchers/investigators focusing on relevant security frameworks, standards, and best practices 
 
Training session proposals should include:
 

Training session title
 

Trainer/artisan biographic description 3-6 sentences of direct relevance to topic space covered in the proposed session
 

Topic description of 3-6 sentences describing what the training session will cover and competencies it will cultivate
 

Audience: eCrime prefers sessions that any eCrime attendee could benefit from; however, please note if your session would especially benefit a specific audience (e.g. threat intelligence researcher)
 

Prerequisites: eCrime prefers training sessions that do not require any prerequisites; however, we may make an exception for a topic of particular merit or interest  
 

Session length minimum of 1 hour, maximum of 3 hours. Please also indicate whether your session 

length is strict (i.e. if we receive many session proposals, or if a trainer drops out, would you be able to make your session longer or shorter)
 
Include all the information above in a Word or PDF document and upload to https://ecrime2025.hotcrp.com  and title your submission with “PROPOSAL” followed by your session title (for example “PROPOSAL Using the OWASP model in SMEs”.)
 
A maximum of 4 training sessions will be offered. 
 
Important Dates (eCrime Training Day proposals)
 
Deadline for Proposals: June 15th 2025
 
Notification of Acceptance: August 30th, 2025
 `
Anticipated time for each training session: 1 to 3 hours, with a preference for longer, in-depth sessions. If there is sufficient interest, we will consider running parallel sessions.

 

 

Conference Sponsorship Opportunities 

Sponsorship opportunities for APWG members and third parties are available here:

https://apwg.org/wp-content/uploads/2025/06/APWG_eCrime2025_SAN_DIEGO_Sponsorship_Memo-1.pdf