"Please don't send that bot anything": Mixed-methods Study of Personal Impersonation Attacks to Steal Digital Payments on Social Media

This archive accompanies the paper “Please Don’t Send That Bot Anything: Mixed-Methods Study of Personal Impersonation Attacks to Steal Digital Payments on Social Media.” In keeping with open science guidelines, we are making all artifacts publicly available. Below is a high‐level overview of each component and guidance on how to navigate and use them.

Repository Structure

• X-AM_code/

• browser_extension_code/

• quantitative_analysis_code/

• codebook_qualitative_analysis/

• aggregated_dataset/

1. X-AM_code/
   Contains the X-AM optimized real-time data collection and validation pipeline for PROSPER attacks. Refer to X-AM_code/README for detailed instructions on running and replicating our data collection.

2. browser_extension_code/
   Holds the source code for the browser extension we used during historical data collection, which captures trigger‐tweet search results via a browser extension.

3. quantitative_analysis_code/
   Contains the scripts for the quantitative analysis described in Section 3 of our paper. Refer to quantitative_analysis_code/README.md for instructions on running this script.

4. codebook_qualitative_analysis/
   Includes the full codebook used for our Section 4 qualitative analysis.

5. aggregated_dataset/
   Provides processed and anonymized data aggregated from our raw dataset, used for generation of our results in Section 3.