Social Media Spam, Scams and Malware

18th Jan, 2011

It was interesting to read that e-mail spam has dropped significantly worldwide since last summer. I have even noticed a huge drop-off in spam to my Gmail account in the last number of weeks. I had put it down to better protection from Gmail, not allowing even the most obvious of spam to reach my account in the first place. The BBC reports that spam messages dropped from 200 billion per day in August 2010 to 50 billion in December 2010, suggesting this is possibly due to a curtailment of activity of the worst offending botnets.

While this decline in email spam is more than welcome, it comes at a time when social media spam and scams are at an all-time high. With Facebook heading for 700 million users before the end of the year, is it any surprise that social networks are more frequently becoming the target of such activity? A report released just before Christmas said that 20% of Facebook users encounter malware, and I’m seeing more and more updates on scams hitting social networks than ever before. (Update: since posting this, I have found an article that suggests spam has doubled in 18 months on social networks.)

This is a subject I’ve touched on before. Since that original post last August, Facebook have implemented a new feature for page admins: a spam folder. This aims to catch any spam posts to page walls. It’s relatively successful and catches about 80% of spam posts, but admins still need to be vigilant for those posts that get past it.

Facebook Spam

Facebook posts that are spam always come with a headline that screams at the viewer to click on a link. Sometimes it’s blatantly obvious that the message is spam, sometimes less so. At the end of last year an app developer called BitDefender did an online test amongst a network of 1900 contacts on both Twitter and Facebook. 97% of the contacts admitted clicking on malware links in the test. Although these results may be somewhat skewed, it is obvious that many users do click on links without thinking first, especially if it looks like a friend has already liked or clicked on that link.

This blind clicking can lead to many different problems, as pointed out by Facecrooks.

Phishing – captures your login details and lets the scammer contact your friends. It’s usually done by luring you to a fake Facebook login page to get your password.

Like Jacking – a fake message asks the user to click a link and displays the names of other friends who have supposedly clicked like. Once the link is clicked, the user is asked to click another button to confirm another detail. By clicking on this, the user activates code that posts the same message (and scam) to their own network of friends.

Subscription – lures users into subscribing to a service charged to their mobile phone or credit card.

Malware – the most dangerous, as this entices users to click a link that ultimately could send “worms, viruses, Trojans, keyloggers, etc into their computer. These malicious programs could then be used to collect personal data, hijack online accounts [bank, PayPal, email, Facebook], send malware infested links to email and social media contacts, control user’s computer to perform click fraud or ‘cyberwar’/DDoS.” Some scary stuff there.

What do these links look like?

In December alone, ten different types of scams were reported as widespread on Facebook, from offers of free Facebook Credits, sex tapes and sleeping pills to a ‘Whats new on Farmville’ page. It may seem harmless enough until it asks you to create a message for the app to leave on your wall. It spams all your friends’ walls and then offers you 200 Farm Cash, Farmville’s in-game currency, for completing a survey. The scammer gets a commission on each completed survey and the user gets malware downloaded onto their computer, and we all know what malware does. Don’t forget that the user’s friends have all now been spammed with a message inviting them to be scammed.


How to Identify Scams

Over on Facecrooks there’s a great post on how to identify and protect yourself against such Facebook scams. They have some common attributes we should be watching out for. These include:

– Asking the user to paste a code into their browser

– Asking the user to post links to other pages and invite their friends to claim their prize. This only spreads the scam.

– Fake login pages; these are identified by the URL. It’s safest to only use

– The user is asked to provide private or confidential information such as credit card or mobile number.
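One way to apply the "identified by the URL" check from the list above, as an added example that is not from the original post or from Facecrooks. It assumes facebook.com and its subdomains are the only legitimate login hosts; the function names, allow-list and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: only facebook.com and its subdomains
# may legitimately present a Facebook login form.
TRUSTED_DOMAINS = ("facebook.com",)

# Constructed sample links of the kind a wall post might carry.
SAMPLE_URLS = [
    "https://www.facebook.com/login.php",
    "http://www.facebook.com/login.php",
    "https://facebook.com@login.example/",
    "https://www.facebook.com.login.example/login.php",
    "https://f\u0430cebook.com/login.php",  # Cyrillic 'a' in the host
]


def login_url_verdict(url: str) -> str:
    """Return 'trusted', or the reason the page should not get a password."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable url"
    if parts.scheme != "https":
        return "not https"
    # Text before '@' is only a username; the real host comes after it.
    if parts.username is not None or parts.password is not None:
        return "userinfo before host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "no host"
    # Non-ASCII or punycode labels can imitate a trusted name visually.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return "internationalised lookalike host"
    # Match the end of the host on a label boundary, never a substring.
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "host is not a trusted domain"


def triage(urls):
    """Map each URL to its verdict so suspicious links can be reviewed."""
    return {u: login_url_verdict(u) for u in urls}


if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_URLS).items():
        print(f"{verdict:35} {url!r}")
```

The comparison is made on the end of the parsed hostname, so a link that merely contains the trusted name somewhere in its text is still rejected.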

Twitter Malware

Twitter isn’t exempt from such malicious attacks, but they seem to be less prevalent. No doubt that has a lot to do with the size of that network in comparison to Facebook, rather than Twitter offering better protection. These attacks can be worms spreading links to sites distributing malware. Twitter’s real-time element often works against it in these cases. It’s not unusual for people to retweet messages from others, especially if they are topical, so scammers have been playing on this when distributing tweets linked to malware.

Malware on Mobile

The findings of a study released just last week suggested the biggest threat to mobile devices from malware is via social networks. The study examined one link in particular which was clicked over 28,000 times, with almost a quarter of these clicks coming from mobile devices. With rapid growth in the sale of smartphones, and Facebook’s entrance into location-based networking, this figure could rise significantly.

The best advice that can be offered is to not click on links where the source or content is a little suspicious. In the case of social networks it may look like a connection sending a link. However, these messages always come with a claim that never sits quite right; they’re screaming at you to click on the link in order to be rewarded in some way. Most people don’t speak, talk, or write like that unless they’re trying to persuade you to carry out an action. It’s better to be safe than sorry, and if the link is that good, it can always be clicked later once you have verified the source.