Social spam is unwanted spam content appearing on social networking services, social bookmarking sites, [1] and any website with user-generated content (comments, chat, etc.). It can be manifested in many ways, including bulk messages, [2] profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
As email spam filters became more effective, catching over 95% of these messages, spammers have moved to a new target – the social web. [3] Over 90% of social network users have experienced social spam in some form. [4] Those doing the “spamming” can be automated spambots/social bots, fake accounts, or real people. [5] Social spammers often capitalize on breaking news stories to plant malicious links or dominate the comment sections of websites with disruptive or offensive content. [6]
Social spam is on the rise, with analysts reporting that social spam activity more than tripled in six months. [7] It is estimated that up to 40% of all social user accounts are fake, depending on the site. [8] In August 2012, Facebook admitted through its updated regulatory filing [9] that 8.7% of its 955 million active accounts were fake. [10]
Commercial spam is a comment that has commercial content irrelevant to the discussion at hand. Much of the old email spam content has resurfaced on social networks, from Viagra ads, to work-from-home scams, to counterfeit merchandise. Recent analysis showed social spammers' content preferences changing slightly, with apparel and sports accounting for 36% of all posts. Others included: porn and pills (16%), SEO/web development (23%), and mortgage loans (12%). [11]
Social networking spam is spam directed specifically at users of internet social networking services such as Google+, Facebook, Pinterest, LinkedIn, or MySpace. Experts estimate that as many as 40% of social network accounts are used for spam. [8] These spammers can utilize the social network's search tools to target certain demographic segments, or use common fan pages or groups to send notes from fraudulent accounts. Such notes may include embedded links to pornographic or other product sites designed to sell something. In response to this, many social networks have included a "report spam/abuse" button or address to contact. [12] Spammers, however, frequently change their address from one throw-away account to another, and are thus hard to track. [13]
Facebook pages with pictures and text asking readers to e.g. "show your support" or "vote" are used to gather likes, comments and shares which improve the pages' ranking. The page is then slightly changed and sold for profit. [14] [15]
Bulk submissions are a set of comments repeated multiple times with the same or very similar text. These messages, also called spam-bombs, [16] can come in the form of one spammer sending out duplicate messages to a group of people in a short period of time, or many active spam accounts simultaneously posting duplicate messages. Bulk messages can cause certain topics or hashtags to trend highly. For example, in 2009, a large number of spam accounts began simultaneously posting links to a website, causing ‘ajobwithgoogle’ to trend. [16]
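A moderation pipeline can detect both forms of bulk submission by clustering near-duplicate posts that arrive within a short time window. The following is an added example, not code from any platform or source cited here; the function names, thresholds and sample posts are constructed for illustration.

```python
import re

def shingles(text, k=3):
    """Set of k-word shingles; URLs are collapsed so rotating links still match."""
    text = re.sub(r"https?://\S+", " <url> ", text.lower())
    words = re.findall(r"<url>|[a-z0-9#@']+", text)
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Similarity of two shingle sets, 0.0 when either is empty."""
    return len(a & b) / len(a | b) if a and b else 0.0

def find_bulk(posts, window=600, threshold=0.4, min_posts=3):
    """posts: (unix_seconds, account, text). Flag clusters of near-duplicates
    in which each post arrives within `window` seconds of the previous one."""
    clusters = []
    for ts, account, text in sorted(posts):
        sh = shingles(text)
        for c in clusters:
            if ts - c["last"] <= window and jaccard(sh, c["rep"]) >= threshold:
                c["accounts"].append(account)
                c["last"] = ts
                break
        else:
            clusters.append({"rep": sh, "last": ts, "accounts": [account]})
    flagged = []
    for c in clusters:
        if len(c["accounts"]) >= min_posts:
            distinct = sorted(set(c["accounts"]))
            kind = "single-account" if len(distinct) == 1 else "multi-account"
            flagged.append((kind, distinct, len(c["accounts"])))
    return flagged

# Constructed sample posts (timestamps in seconds, placeholder accounts and URLs).
SAMPLE_POSTS = [
    (0, "acct_a", "Earn money from home today! http://example.com/x1 #ajobwithgoogle"),
    (20, "acct_b", "earn money from home today!! http://example.com/q7 #ajobwithgoogle"),
    (45, "acct_c", "Earn cash from home today http://example.com/zz #ajobwithgoogle"),
    (50, "user_1", "Anyone know why this hashtag is trending?"),
    (100, "acct_d", "Check out my new blog post"),
    (130, "acct_d", "check out my new blog post!"),
    (160, "acct_d", "Check out my new blog post :)"),
    (9000, "user_2", "Check out my new blog post"),
]

if __name__ == "__main__":
    for cluster in find_bulk(SAMPLE_POSTS):
        print(cluster)
```

The post from user_2 repeats an earlier text but arrives outside the time window, so it is not counted toward the single-account cluster.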
User-submitted comments that contain swear words or slurs are classified as profanity. Common techniques to circumvent censorship include “cloaking”, which works by using symbols and numbers in place of letters or inserting punctuation inside the word (for example, "w.o.r.d.s" instead of "words"). The words are still recognizable by the human eye, but are often missed by website monitors because of the misspelling.
User-submitted insults are comments that contain mildly or strongly insulting language against a specific person or persons. These comments range from mild name-calling to severe bullying. Online bullies often use insults in their interactions, referred to as cyberbullying. Hiding behind a screen name allows users to make mean, insulting comments with anonymity; these bullies rarely have to take responsibility for their comments and actions. [17]
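A filter can counter cloaking by normalizing each token before comparing it with a blocklist. The following is an added example, not code from any site or source cited here; the substitution table, the placeholder blocklist and the sample comment are constructed, and it generalizes the "w.o.r.d.s" case to digit and symbol substitutions, spaced-out letters and accented look-alikes.

```python
import re
import unicodedata

# Common look-alike substitutions (a small constructed table, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
EDGE = ".,!?;:\"'()[]"  # sentence punctuation at token edges is not cloaking
# A spaced-out run ("w o r d s") is kept together as one token.
TOKEN = re.compile(r"(?:\S\s){2,}\S(?!\S)|\S+")

def decloak(token):
    """Map a possibly cloaked token to plain lowercase letters."""
    t = unicodedata.normalize("NFKD", token)        # fullwidth/accented forms
    t = "".join(c for c in t if not unicodedata.combining(c))
    t = t.lower().strip(EDGE).translate(LEET)
    t = re.sub(r"[^a-z]", "", t)                    # drop inserted punctuation
    return re.sub(r"(.)\1{2,}", r"\1", t)           # "daaaarn" -> "darn"

def find_blocked(comment, blocklist):
    """Return (original token, blocked word, was_cloaked) for each hit.

    Whole tokens are compared, so "swords" does not match "words".
    """
    hits = []
    for tok in TOKEN.findall(comment):
        word = decloak(tok)
        if word in blocklist:
            hits.append((tok, word, tok.lower().strip(EDGE) != word))
    return hits

# Constructed sample: placeholder blocklist and comment.
BLOCKLIST = {"words", "darn"}
COMMENT = ("Those w.o.r.d.s and w0rd5 and w o r d s are d@rn!! bad, "
           "but swords are fine. words")

if __name__ == "__main__":
    for hit in find_blocked(COMMENT, BLOCKLIST):
        print(hit)
```

Because digits are mapped to letters, a purely numeric token can occasionally normalize to a short word, so hits on cloaked tokens are better routed to review than rejected automatically.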
User-submitted threats of violence are comments that contain mild or strong threats of physical violence against a person or group. In September 2012, Eric Yee was arrested for making threats in an ESPN comment section. [18] He started out discussing the high price of LeBron James shoes, but the discussion quickly turned into a stream of racist and insulting comments, and threats against children. [19] This is a more serious example of social spam.
User-submitted hate speech is a comment that contains strongly offensive content directed against people of a specific race, gender, sexual orientation, etc. According to a Council of Europe survey, [20] across the European Union, 78% of respondents had encountered hate speech online; 40% felt personally attacked or threatened; and 1 in 20 have posted hate speech themselves.
User-submitted comments can include malicious links that will inappropriately harm, mislead, or otherwise damage a user or computer. These links are most commonly found on video entertainment sites, such as YouTube. [21] When a user clicks on a malicious link, the result can include downloading malware to the user's device, directing the user to sites designed to steal personal information, drawing unaware users into participating in concealed advertising campaigns, and other harmful consequences. [22] Malware can be very dangerous to the user, and can manifest in several forms: viruses, worms, spyware, Trojan horses, or adware. [23]
Fraudulent reviews are reviews of a product or service from users that never actually used it, and are therefore insincere or misleading. These are often solicited by the proprietor of the product or service, who contracts positive reviews, known as “reviews-for-hire”. [24] Some companies are attempting to tackle this problem by warning users that not all reviews are genuine. [25]
Fake friends occur when several fake accounts connect or become “friends”. These users or spambots often try to gain credibility by following verified accounts, such as those for popular celebrities and public figures. If that account owner follows the spammer back, it legitimizes the spam account, enabling it to do more damage. [26]
User-submitted comments that inappropriately display full names, physical addresses, email addresses, phone numbers, or credit card numbers are considered leaks of personally identifiable information (PII). [27]
Electronic mail is a method of transmitting and receiving messages using electronic devices. It was conceived in the late–20th century as the digital version of, or counterpart to, mail. Email is a ubiquitous and very widely used communication medium; in current use, an email address is often treated as a basic and necessary part of many processes in business, commerce, government, education, entertainment, and other spheres of daily life in most countries.
Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, non-commercial proselytizing, or any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.
Spamdexing is the deliberate manipulation of search engine indexes. It involves a number of methods, such as link building and repeating unrelated phrases, to manipulate the relevance or prominence of resources indexed in a manner inconsistent with the purpose of the indexing system.
Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites.
Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software. The word "botnet" is a portmanteau of the words "robot" and "network". The term is usually used with a negative or malicious connotation.
Online advertising, also known as online marketing, Internet advertising, digital advertising or web advertising, is a form of marketing and advertising that uses the Internet to promote products and services to audiences and platform users. Online advertising includes email marketing, search engine marketing (SEM), social media marketing, many types of display advertising, and mobile advertising. Advertisements are increasingly being delivered via automated software systems operating across multiple websites, media services and platforms, known as programmatic advertising.
An Internet bot, web robot, robot or simply bot, is a software application that runs automated tasks (scripts) on the Internet, usually with the intent to imitate human activity, such as messaging, on a large scale. An Internet bot plays the client role in a client–server model whereas the server role is usually played by web servers. Internet bots are able to perform simple and repetitive tasks much faster than a person could ever do. The most extensive use of bots is for web crawling, in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots.
Email harvesting or scraping is the process of obtaining lists of email addresses using various methods. Typically these are then used for bulk email or spam.
Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.
Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.
A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.
Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as Gmail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace and Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.
Social login is a form of single sign-on using existing information from a social networking service such as Facebook, Twitter or Google, to login to a third party website instead of creating a new login account specifically for that website. It is designed to simplify logins for end users as well as provide more reliable demographic information to web developers.
The term twitter bomb or tweet bomb refers to posting numerous Tweets with the same hashtags and other similar content, including @messages, from multiple accounts, with the goal of advertising a certain meme, usually by filling people's Tweet feeds with the same message, and making it a "trending topic" on Twitter. This may be done by individual users, fake accounts, or both.
SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:
Slenfbot is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.
Self-XSS is an attack, and a kind of vulnerability, used to gain control of victims' web accounts. In a Self-XSS attack, the victim of the attack runs malicious code in their own web browser, thus exposing personal information to the attacker.
A social bot, also described as a social AI or social algorithm, is a software agent that communicates autonomously on social media. The messages it distributes can be simple and operate in groups and various configurations with partial human control (hybrid) via algorithm. Social bots can also use artificial intelligence and machine learning to express messages in more natural human dialogue.
Rage-baiting or rage-farming is internet slang that refers to a manipulative tactic to elicit outrage with the goal of increasing internet traffic, online engagement, revenue and support. Rage baiting or farming can be used as a tool to increase engagement and to attract subscribers, followers, and supporters, which can be financially lucrative. Rage baiting and rage farming manipulate users to respond in kind to offensive, inflammatory headlines, memes, tropes, or comments.