Social spam

Social spam is unwanted spam content appearing on social networking services, social bookmarking sites, [1] and any website with user-generated content (comments, chat, etc.). It can be manifested in many ways, including bulk messages, [2] profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.

History

As email spam filters became more effective, catching over 95% of these messages, spammers have moved to a new target – the social web. [3] Over 90% of social network users have experienced social spam in some form. [4] Those doing the “spamming” can be automated spambots/social bots, fake accounts, or real people. [5] Social spammers often capitalize on breaking news stories to plant malicious links or dominate the comment sections of websites with disruptive or offensive content. [6]

Social spam is on the rise, with analysts reporting that social spam activity more than tripled in six months. [7] It is estimated that up to 40% of all social user accounts are fake, depending on the site. [8] In August 2012, Facebook admitted through its updated regulatory filing [9] that 8.7% of its 955 million active accounts were fake. [10]

Types

Spam

Commercial spam is a comment that has commercial content irrelevant to the discussion at hand. Much of the old email spam content has resurfaced on social networks, from Viagra ads, to work-from-home scams, to counterfeit merchandise. Recent analysis showed social spammers' content preferences changing slightly, with apparel and sports accounting for 36% of all posts. Others included: porn and pills (16%), SEO/web development (23%), and mortgage loans (12%). [11]

Social networking spam

Social networking spam is spam directed specifically at users of internet social networking services such as Google+, Facebook, Pinterest, LinkedIn, or MySpace. Experts estimate that as many as 40% of social network accounts are used for spam. [8] These spammers can utilize the social network's search tools to target certain demographic segments, or use common fan pages or groups to send notes from fraudulent accounts. Such notes may include embedded links to pornographic or other product sites designed to sell something. In response to this, many social networks have included a "report spam/abuse" button or address to contact. [12] Spammers, however, frequently change their address from one throw-away account to another, and are thus hard to track. [13]

Facebook pages with pictures and text asking readers to e.g. "show your support" or "vote" are used to gather likes, comments and shares which improve the pages' ranking. The page is then slightly changed and sold for profit. [14] [15]

Bulk

Bulk submissions are a set of comments repeated multiple times with the same or very similar text. These messages, also called spam-bombs, [16] can come in the form of one spammer sending out duplicate messages to a group of people in a short period of time, or many active spam accounts simultaneously posting duplicate messages. Bulk messages can cause certain topics or hashtags to trend highly. For example, in 2009, a large number of spam accounts began simultaneously posting links to a website, causing ‘ajobwithgoogle’ to trend. [16]
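One way a moderation pipeline can flag the bulk pattern described above, given as an added example that is not part of the original article: posts are reduced to word shingles with URLs and mentions masked, and near-duplicates arriving within a short window are grouped. The `Post` fields, thresholds, and sample posts are constructed assumptions.

```python
import re
from collections import namedtuple

Post = namedtuple("Post", "account ts text")  # ts: seconds since some epoch

def shingles(text, k=3):
    """k-word shingles, with URLs and @mentions masked so that
    per-account tracking links do not hide the shared template."""
    text = re.sub(r"https?://\S+", "<url>", text.lower())
    text = re.sub(r"@\w+", "<user>", text)
    words = re.findall(r"<\w+>|#?\w+", text)
    if len(words) <= k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets, from 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a | b else 0.0

def find_bulk(posts, threshold=0.6, window=600, min_size=3):
    """Group posts that are near-duplicates of a cluster's first post and
    arrive within `window` seconds of it; return clusters of min_size or more."""
    clusters = []
    for post in sorted(posts, key=lambda p: p.ts):
        sig = shingles(post.text)
        for c in clusters:
            if post.ts - c["start"] <= window and jaccard(sig, c["sig"]) >= threshold:
                c["posts"].append(post)
                break
        else:
            clusters.append({"sig": sig, "start": post.ts, "posts": [post]})
    return [c["posts"] for c in clusters if len(c["posts"]) >= min_size]

# Constructed sample posts (accounts, timestamps and URLs are made up).
POSTS = [
    Post("acct_a", 0, "Get paid working from home! http://spam.example/a1 #ajobwithgoogle"),
    Post("acct_b", 20, "Get paid working from home! http://spam.example/b7 #ajobwithgoogle"),
    Post("acct_c", 45, "get paid working from home!! http://spam.example/c3 #ajobwithgoogle @someone"),
    Post("acct_d", 50, "Anyone watching the game tonight?"),
    Post("acct_a", 90, "Get paid working from home! http://spam.example/a2 #ajobwithgoogle"),
    Post("acct_e", 5000, "Get paid working from home! http://spam.example/e9 #ajobwithgoogle"),
]

if __name__ == "__main__":
    for cluster in find_bulk(POSTS):
        accounts = sorted({p.account for p in cluster})
        print(f"{len(cluster)} near-duplicate posts from {len(accounts)} accounts: {accounts}")
```

The late post from `acct_e` is not grouped because it falls outside the window; a production system would typically also track the shared hashtag or link domain over longer periods.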

Profanity

User-submitted comments that contain swear words or slurs are classified as profanity. Common techniques to circumvent censorship include “cloaking”, which works by using symbols and numbers in place of letters or inserting punctuation inside the word (for example, "w.o.r.d.s" instead of "words"). The words are still recognizable by the human eye, but are often missed by website monitors due to the misspelling.
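How a comment filter can undo the cloaking described above before checking a blocklist, given as an added example that is not part of the original article: each token is Unicode-normalized, common symbol substitutions are reversed, inserted punctuation is dropped, and spaced-out letters are rejoined. The substitution table is a constructed, non-exhaustive assumption, and the blocklist uses the article's own stand-in "words".

```python
import re
import unicodedata

# Constructed, non-exhaustive map of symbols and digits used in place of letters.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s"})
BLOCKLIST = {"words"}  # stand-in term taken from the article's example

def normalize_token(token):
    """Reduce one whitespace-delimited token to plain lowercase letters."""
    token = unicodedata.normalize("NFKC", token).lower()  # fold full-width forms
    token = token.translate(SUBSTITUTIONS)                # w0rd5 -> words
    token = re.sub(r"[^a-z]", "", token)                  # w.o.r.d.s -> words
    return re.sub(r"(.)\1{2,}", r"\1", token)             # wooords -> words

def candidates(text):
    """Yield (word, spaced) pairs; runs of one-letter tokens such as
    'w o r d s' are joined into one word and marked spaced=True."""
    run = []
    for token in text.split():
        norm = normalize_token(token)
        if len(norm) == 1:
            run.append(norm)
            continue
        if run:
            yield "".join(run), True
            run = []
        if norm:
            yield norm, False
    if run:
        yield "".join(run), True

def find_cloaked(text, blocklist=BLOCKLIST):
    """Return the blocklisted terms found in text after normalization.
    Ordinary tokens must match a term exactly, which avoids flagging a
    longer innocent word that merely contains it; joined letter runs are
    matched by substring because a stray 'I' or 'a' may be glued on."""
    hits = []
    for word, spaced in candidates(text):
        for term in sorted(blocklist):
            if word == term or (spaced and term in word):
                hits.append(term)
    return hits

if __name__ == "__main__":
    for sample in ["nice w.o.r.d.s and W0RD5, w o r d s!",  # constructed inputs
                   "the swordsman spoke"]:
        print(repr(sample), "->", find_cloaked(sample))
```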

Insults

User-submitted insults are comments that contain mildly or strongly insulting language against a specific person or persons. These comments range from mild name-calling to severe bullying. Online bullies often use insults in their interactions, referred to as cyberbullying. Hiding behind a screen name allows users to say mean, insulting comments with anonymity; these bullies rarely have to take responsibility for their comments and actions. [17]

Threats

User-submitted threats of violence are comments that contain mild or strong threats of physical violence against a person or group. In September 2012, Eric Yee was arrested for making threats in an ESPN comment section. [18] He started out discussing the high price of LeBron James shoes, but his comments quickly turned into a stream of racist and insulting remarks and threats against children. [19] This is a more serious example of social spam.

Hate speech

User-submitted hate speech is a comment that contains strongly offensive content directed against people of a specific race, gender, sexual orientation, etc. According to a Council of Europe survey, [20] across the European Union, 78% of respondents had encountered hate speech online; 40% felt personally attacked or threatened; and 1 in 20 have posted hate speech themselves.

Malicious links

User-submitted comments can include malicious links that will inappropriately harm, mislead, or otherwise damage a user or computer. These links are most commonly found on video entertainment sites, such as YouTube. [21] When a user clicks on a malicious link, the result can include downloading malware to the user's device, directing the user to sites designed to steal personal information, drawing unaware users into participating in concealed advertising campaigns, and other harmful consequences. [22] Malware can be very dangerous to the user, and can manifest in several forms: viruses, worms, spyware, Trojan horses, or adware. [23]

Fraudulent reviews

Fraudulent reviews are reviews of a product or service from users who never actually used it, and are therefore insincere or misleading. These are often solicited by the proprietor of the product or service, who contracts positive reviews, known as “reviews-for-hire”. [24] Some companies are attempting to tackle this problem by warning users that not all reviews are genuine. [25]

Fake friends

Fake friends occur when several fake accounts connect or become “friends”. These users or spambots often try to gain credibility by following verified accounts, such as those for popular celebrities and public figures. If that account owner follows the spammer back, it legitimizes the spam account, enabling it to do more damage. [26]

Personally identifiable information

User-submitted comments that inappropriately display full names, physical addresses, email addresses, phone numbers, or credit card numbers are considered leaks of personally identifiable information (PII). [27]

Related Research Articles

Spamming: Unsolicited electronic messages, especially advertisements

Spamming is the use of messaging systems to send multiple unsolicited messages (spam) to large numbers of recipients for the purpose of commercial advertising, for the purpose of non-commercial proselytizing, for any prohibited purpose, or simply repeatedly sending the same message to the same user. While the most widely recognized form of spam is email spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social spam, spam mobile apps, television advertising and file sharing spam. It is named after Spam, a luncheon meat, by way of a Monty Python sketch about a restaurant that has Spam in almost every dish in which Vikings annoyingly sing "Spam" repeatedly.

Spamdexing is the deliberate manipulation of search engine indexes. It involves a number of methods, such as link building and repeating unrelated phrases, to manipulate the relevance or prominence of resources indexed in a manner inconsistent with the purpose of the indexing system.

Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging (IM) services, SMS, or private messages within websites.

Phishing: Form of social engineering

Phishing is a form of social engineering and scam where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and traverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

Orkut: Social networking website owned and operated by Google

Orkut was a social networking service owned and operated by Google. The service was designed to help users meet new and old friends and maintain existing relationships. The website was named after its creator, Google employee Orkut Büyükkökten.

An Internet bot, web robot, robot or simply bot, is a software application that runs automated tasks (scripts) on the Internet, usually with the intent to imitate human activity, such as messaging, on a large scale. An Internet bot plays the client role in a client–server model whereas the server role is usually played by web servers. Internet bots are able to perform simple and repetitive tasks much faster than a person could ever do. The most extensive use of bots is for web crawling, in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

The Center for Countering Digital Hate (CCDH), formerly Brixton Endeavors, is a British not-for-profit NGO company with offices in London and Washington, D.C. with the stated purpose of stopping the spread of online hate speech and disinformation. It campaigns to deplatform people that it believes promote hate or misinformation, and campaigns to restrict media organisations such as The Daily Wire from advertising. CCDH is a member of the Stop Hate For Profit coalition.

Proofpoint, Inc.: American cybersecurity company

Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.

Srizbi BotNet is considered one of the world's largest botnets, and is responsible for sending out more than half of all the spam being sent by all the major botnets combined. The botnet consists of computers infected by the Srizbi trojan, which sent spam on command. Srizbi suffered a massive setback in November 2008 when hosting provider Janka Cartel was taken down; global spam volumes fell by up to 93% as a result of this action.

A web threat is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, or malware attachments or on servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

Koobface is a network worm that attacks Microsoft Windows, Mac OS X, and Linux platforms. This worm originally targeted users of networking websites like Facebook, Skype, Yahoo Messenger, and email websites such as GMail, Yahoo Mail, and AOL Mail. It also targets other networking websites, such as MySpace, Twitter, and it can infect other devices on the same local network. Technical support scammers also fraudulently claim to their intended victims that they have a Koobface infection on their computer by using fake popups and using built-in Windows programs.

A click farm is a form of click fraud where a large group of low-paid workers are hired to click on links or buttons for the click fraudster. The workers click the links, surf the target website for a period of time, and possibly sign up for newsletters prior to clicking another link. For many of these workers, clicking on enough ads per day may increase their revenue substantially and may also be an alternative to other types of work. It is extremely difficult for an automated filter to detect this simulated traffic as fake because the visitor behavior appears exactly the same as that of an actual legitimate visitor.

The term twitter bomb or tweet bomb refers to posting numerous Tweets with the same hashtags and other similar content, including @messages, from multiple accounts, with the goal of advertising a certain meme, usually by filling people's Tweet feeds with the same message, and making it a "trending topic" on X. This may be done by individual users, fake accounts, or both.

SmartScreen is a cloud-based anti-phishing and anti-malware component included in several Microsoft products:

Slenfbot is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Slenfbot was first discovered in 2007 and, since then, numerous variants have followed; each with slightly different characteristics and new additions to the worm's payload, such as the ability to provide the attacker with unauthorized access to the compromised host. Slenfbot primarily spreads by luring users to follow links to websites, which contain a malicious payload. Slenfbot propagates via instant messaging applications, removable drives and/or the local network via network shares. The code for Slenfbot appears to be closely managed, which may provide attribution to a single group and/or indicate that a large portion of the code is shared amongst multiple groups. The inclusion of other malware families and variants as well as its own continuous evolution, makes Slenfbot a highly effective downloader with a propensity to cause even more damage to compromised systems.

Fakesysdef: Trojan targeting the Microsoft Windows operating system

Trojan:Win32/FakeSysdef, originally dispersed as an application called "HDD Defragmenter" hence the name "FakeSysdef" or "Fake System Defragmenter", is a Trojan targeting the Microsoft Windows operating system that was first documented in late 2010.

A social bot, also described as a social AI or social algorithm, is a software agent that communicates autonomously on social media. The messages it distributes can be simple and operate in groups and various configurations with partial human control (hybrid) via algorithm. Social bots can also use artificial intelligence and machine learning to express messages in more natural human dialogue.

Code Shikara is a computer worm, related to the Dorkbot family, that attacks through social engineering.

Rage-baiting or rage-farming is internet slang that refers to a manipulative tactic to elicit outrage with the goal of increasing internet traffic, online engagement, revenue and support. Rage baiting or farming can be used as a tool to increase engagement, attract subscribers, followers, and supporters, which can be financially lucrative. Rage baiting and rage farming manipulates users to respond in kind to offensive, inflammatory headlines, memes, tropes, or comments.

References

  1. Benjamin Markines; Ciro Cattuto; Filippo Menczer (2009). "Social spam detection". Proceedings of the 5th International Workshop on Adversarial Information Retrieval on the Web - AIRWeb '09. 5th International Workshop on Adversarial Information Retrieval on the Web (AIRWeb '09). pp. 41–48. doi:10.1145/1531914.1531924. ISBN 9781605584386.
  2. Rao, Sanjeev; Verma, Anil Kumar; Bhatia, Tarunpreet (30 December 2021). "A review on social spam detection: Challenges, open issues, and future directions". Expert Systems with Applications. 186: 115742. doi:10.1016/j.eswa.2021.115742.
  3. Tynan, Dan (3 April 2012). "Social spam is taking over the Internet". ITworld. Retrieved 5 August 2016.
  4. "Archived copy". Archived from the original on 15 October 2011. Retrieved 5 November 2012.
  5. "What is Social Spam? (And How to Avoid Creating It)". Constant Contact. 20 March 2012. Retrieved 5 August 2016.
  6. "Impermium – Google Impermium". Archived from the original on 15 October 2012. Retrieved 1 October 2016.
  7. Franceschi-Bicchierai, Lorenzo (1 October 2013). "Social Media Spam Increased 355% in First Half of 2013". Mashable. Retrieved 5 August 2016.
  8. Olga Kharif (25 May 2012). "'Likejacking': Spammers Hit Social Media". Businessweek. Archived from the original on 25 May 2012. Retrieved 5 August 2016.
  9. "Form 10-Q". Sec.gov. Retrieved 5 August 2016.
  10. Kelly, Heather (3 August 2012). "83 million Facebook accounts are fakes and dupes". CNN. Retrieved 5 August 2016.
  11. "Impermium – Google Impermium". Archived from the original on 15 September 2012. Retrieved 1 October 2016.
  12. "How do I report spam on Facebook? | Facebook Help Center". Facebook. Retrieved 5 August 2016.
  13. "Why is it so difficult to catch a spammer?". Spam Reader. Retrieved 5 August 2016.
  14. "Yahoo News: Why 'Liking' Facebook virals makes scammers rich". Yahoo. 24 October 2012. Retrieved 5 August 2016.
  15. Coles, Sarah (15 July 2016). "How 'Liking' a page on Facebook makes cash for spammers". AOL. Archived from the original on 29 May 2016. Retrieved 5 August 2016.
  16. Martin Bryant (1 September 2009). "New Twitter spam-bomb offers A Job With Google". The Next Web. Retrieved 5 August 2016.
  17. Hendrie, Alison (5 February 2010). "Complaint Box - Online Insults". Retrieved 1 October 2016.
  18. Kelly Dwyer (19 September 2012). "ESPN aids authorities in arresting a man accused of making threats against children in a post about LeBron James | Ball Don't Lie - Yahoo Sports". Sports.yahoo.com. Retrieved 5 August 2016.
  19. Wilson, Simone (18 September 2012). "Eric Yee, Yale Dropout, Allegedly Threatened to Shoot Valencia Schoolkids, Aurora Style, in ESPN Chatroom". Blogs.laweekly.com. Retrieved 5 August 2016.
  20. "Young People against hate speech online". Archived from the original on 28 March 2013.
  21. "Video sites pose highest risk of malicious links in 2011". Kaspersky. 1 March 2012. Retrieved 5 August 2016.
  22. "Socializing with malware on Facebook and Twitter..." BullGuard. 27 August 2015. Retrieved 5 August 2016.
  23. "Malware – Good to Know – Google". www.google.com. Archived from the original on 19 October 2011. Retrieved 17 January 2022.
  24. Hsu, Tiffany (18 October 2012). "Yelp's new weapon against fake reviews: User alerts". Los Angeles Times. Retrieved 5 August 2016.
  25. Fiegerman, Seth (18 October 2012). "Yelp Cracks Down on Fake Reviews With New Consumer Alerts". Mashable. Retrieved 5 August 2016.
  26. http://twitter.mpi-sws.org/spam/pubs/twitterSpam_WWW2012.pdf
  27. "Get a high paying social media job today". 10 November 2022.