Facebook has a membership of over 350 million members worldwide which today makes it a prime target for spammers. In January of 2010, Facebook was the second most phished organization online. In 2009 networking company Cisco predicted that the volume of worldwide spam would increase by “30 to 40” percent in 2010.
Most people today are somewhat aware of how their email address is obtained for use in email spam. But few people know how spammers infect social networks.
In general to infect a social network spammers either create fake accounts, use bogus “friend” requests, use wall posts, private messages or social network applications.
Cloudmark, Inc., a messaging security company, has released a list of methods used by spammers to spam social networks they are:
- Dating spam – a personal message, often from a woman, to a male social network user inviting them to start a romantic relationship. Once contact is secured, this attack proceeds in much the same way as bride email scams;
- Profile and IM lures – spammers act as legitimate friends or potential new friends interested in getting to know the user in order to lure them to a fake profile page or Instant Messenger conversation;
- Redirection to inappropriate or dangerous websites – a message is sent to a user, warning them that photographs or rumors about them have been posted on an external site and urging them to go to the site to view;
- Nigerian attacks – similarly to Nigerian 419 spam traditionally seen over email, social networking users are targeted with messages alerting them to a fake inheritance or access to a rich stranger’s fortune;
- Fake jobs – sending personal messages or wall posts, spammers, posing as an employer, offer social network users fantastic job opportunities in order to spark conversation that will allow an avenue for further spam, phishing, malware or scams;
- Competitor social network lure – invitations that seem to be from legitimate friends are sent to users via wall posts or personal messages urging them to visit virtually unknown social networking sites;
- Religious based spam – spammers use social networking sites to preach to, and attempt to proselytise, users for various religions.
PCWorld reports that Max Kelly chief security officer of Facebook is aggressively going after spammers with the goal of knowing who and why the people are attacking their site. The highly successful social network has initiated a number of criminal and civil cases against people who have attacked their site. As a result, according to Kelly, “Facebook has “dozens of lawsuits in the works”.
Facebook’s Kelley and his security team must be working around the clock. And, one has to wonder if this battle against spam is one that they can ever win. According to Matthew Prince, co-creator of Project Honey Pot a group of people from 192 nations around the world who have organized to help stop spam.
What we have seen in the last five years is the industrialization of spam and cyber crime. It is a sophisticated multimillion-dollar business. There are specialists in harvesting e-mail addresses, specialists in creating the spam messages, specialists in producing the fake goods or pills and specialists in creating and controlling the botnets that send the spam out.”
This means that these million dollar businesses will modify their tactics in order to be successful. So, as stated in the Cisco report, spamming both of emails and social networks is going to increase.