Social Spam Special Report (TeleSign and Impermium, December 2012)

Impermium has teamed with TeleSign to create this whitepaper on social spam. With TeleSign, suspicious customers are routed through a simple, user-friendly verification process, ensuring legitimate users move through while fraudsters and criminals stay out. In conjunction with the Impermium real-time threat detection capabilities and global threat network, site owners can control how tightly to lock down their site, balancing a great experience for trustworthy users with an impenetrable one for the bad guys. The combined solution allows administrators to rest assured that transactions such as registration, commenting, and login are safe and secure, with a minimum of inconvenience to users and the business.

  • 1. Prevent Social Spam and Fraud From Sabotaging Your Brand. Special Report, December 2012. A TeleSign and Impermium white paper.

  • 2. Table of Contents
    Introduction ... 3
    Different Types and Sources of Social Spam ... 4
    What's at Stake? ... 7
    Existing Approaches to Defending Against Social Spam ... 8
    Summary of Tactics ... 11
    Shut the Front & Back Doors and Clean House ... 13
      Shut the Front Door ... 14
      Clean House ... 15
      Close the Back Door ... 16
    Conclusion ... 18
    About TeleSign & Impermium ... 19
    References ... 20

    SPECIAL REPORT: PREVENT SOCIAL SPAM AND FRAUD FROM SABOTAGING YOUR BRAND   IMPERMIUM.COM   TELESIGN.COM   2
  • 3. Introduction

    Pull quote: "The rise of social media has led to the proliferation of social spam. Cybercriminals are scamming users of social networks, online directories, and online dating sites, which devalues the reputation of these sites and exposes them to new risks in the process. Social spam has become so pervasive that, to combat the issue, social administrators are increasing security staff to protect their users and preserve their brand identification."

    The rise of social media has led to the proliferation of social spam. Cybercriminals are attacking social networks, web applications, and media sites, causing untold harm to the sites and users in the form of lost revenue, maintenance costs, user attrition, and brand reputation damage. In response, network administrators have devoted considerable resources (with decidedly mixed results) to regain control of their sites from these attackers.

    The number of cyber attacks on social networks, online directories and Web 2.0 sites has risen dramatically in the last few years. As users have flocked to social networks, spammers have turned them into the next battleground, enjoying success because of lower security hurdles and the relative ease of impersonating friends. People trust spam more when it comes from a "friend," and thus end up following links and being victimized more often compared to email spam.

    Many sites are often poorly equipped to deal with the influx of social spam, and without clear best practices, may experience difficulty choosing between mitigation options. This special report explores the different types of social spam, reviews the current methods used to identify and stop social spam, and proposes a new paradigm for social networks to predict and block malicious behavior.

    Sites need to adopt a new, two-fold approach to combatting social spam. First, they need to ensure that only legitimate users gain access to a social network. Second, social networks need to use automated tools to flag and remove malicious and offensive content in real time. In sites across the web, this dual-pronged approach has proven effective at preventing criminals and hackers from crippling brands and damaging their relationship with customers, advertisers, and partners.
  • 4. Different Types and Sources of Social Spam

    Understanding the types of social spam is essential to designing effective countermeasures. Let's start with a quick primer of the different types of social spam being promoted within the leading social network sites today:

    Account hijacking: Spammers often disguise themselves by hijacking normal users' accounts for their personal gain. Cyber miscreants steal login information from existing social media users via fraudulent phishing websites or by installing keystroke-logging malware. This is why social media users need to be on the lookout for suspicious messages from friends that include dangerous links or promote dubious offers. Different from the spammers in traditional systems, such as SMS and email, social media spammers behave like normal social network users and continuously evolve their spamming strategies to fool anti-spam detection systems.

    Registration fraud: Bots and "mechanical turks" are registering fake accounts by the millions. Attackers can distribute malicious content to all of the friends or followers associated with an account. Facebook, for example, recently acknowledged [A] that a total of 8.7 percent (or 83 million) accounts on the network are bogus.

    Moreover, there are many sites that openly promote their social media attack services to spammers, from selling fraudulent accounts in bulk to delivering the software and services to perpetrate these attacks directly, including:

    ‣ … created software to automate the creation of fake accounts, mass distribution of tweets, and sell Twitter accounts to spammers, according to court filings [B]. Sites like … offer a variety of bots that social spam scammers can purchase in order to automatically create accounts, add friends, initiate spam chats, and much more.
    ‣ Automatic/manual CAPTCHA recognition tools or use of CAPTCHA farms, which employ people to crack CAPTCHAs for just pennies a piece (see section below to learn more about the pitfalls of CAPTCHA).
    ‣ Tools to automate the account creation and verification process by creating unlimited numbers of Google Gmail or Microsoft Hotmail accounts (such email accounts are usually required in order to create new social media accounts).

    Services like CLAD Genius automate processes such as ad scheduling (auto-posting scam ads within pre-defined time intervals).

    DEFINITION: Socialbot. A "socialbot" is a computer software program that creates bogus accounts on a particular social network and has the ability to perform basic activities such as posting a message and sending a friend request. If a user accepts a socialbot's friend request, the bot gains access to the individual's information and contacts, which it will also try to befriend, and so on.
  • 5. Not surprisingly, the rate for purchasing a fraudulent social media account has dropped significantly over the last year. Sites allow customers to buy Twitter and Facebook accounts in bulk. For example, customers can purchase 1,000 Facebook accounts with complete profiles and email logins (including date of birth) for just $250.

    [Figure] Source: … (November 2012)

    Malware Spam: Social spam often lurks in embedded links attached to photos, making it less obvious for users to spot. The problematic issue with social spam is that the message is personalized to appear as if it comes from a user's actual friend's account. Facebook stated [C] that less than 4 percent of all posts were spam, while Twitter reported that 1.5 percent of all Tweets were spam.

    Comment spam: Spammers use the sharing features on social sites to spread their messages. Click on a spammer's link and it may ask you to like or share a page or allow an app to gain access to your profile. Using bots, fraudsters flood social news sites with tens of thousands of comments that, in many cases, are posted by the same spam networks that are paid to promote online pharmacies and knockoff designer handbags.

    Like-jacking: There are two goals in most social media scams: spread content quickly and make money. Like buttons help achieve prompt and widespread propagation, particularly as social media users get wise to traditional scams. Like-jacking is a common social-spam tactic that involves duping users into clicking on images that appear as if those users' friends clicked the like buttons associated with the images, thereby recommending them. In another ploy, users are offered an enticing video. Hidden behind the play button could be an invisible like button. If clicked, the user might now be taken to a page that requires some level of personal information before the video will play. Once provided, the user is redirected to other pages to complete online surveys or get pitched dubious products. A count of "Likes" is displayed on profiles and pages, so that friends think a video has been watched by one of their friends and assume it is interesting or safe for them to watch. When they click play, the same sequence of events happens to them. The scammer, meanwhile, is collecting a handsome commission from its shady merchants for each like referral.

    Malware placement: Hackers commonly sow social spam by creating false profiles and then friending people they don't know. Once a hacker's new friend clicks on a questionable link, the spam propagates as other friends in that user's network do the same. Some social malware impersonates users initiating chat sessions with friends. Security experts warn that a growing volume of sophisticated hacker attacks take information gleaned from social-networking profiles to trick people with convincing targeted messages.
  • 6. Third-party apps: Malware can also be embedded in third-party apps that, when installed, give hackers control of users' computers. There are tens of thousands of applications available to Facebook users, and while Facebook may make every reasonable effort to provide protection against malware, some third-party applications may not be safe. Some have the potential to infect computers with malicious code, which is used to collect data from the users' sites. For example, there are stalker-like offers, promising to let users "see who viewed your profile" or "view my top profile stalker." Unfortunately, sometimes installing a bad app can also give it access to your personal information, which could be stored by the app creator and possibly sold. Most of these malware apps get shut down eventually by Facebook, which tracks apps that are flagged by users and also monitors apps for patterns that look like spam and malware.

    Personal information theft: Social media sites generate revenue with targeted advertising based on personal information. As such, they encourage registered users to provide as much information as possible. While everyone knows they should never share their social security and driver's license numbers, many social networking sites ask for, if not require, similar sensitive information that if exploited can and will be used in a variety of malicious ways. Due to limited government oversight and lack of industry standards or incentives to educate regarding security, privacy, and identity protection, users are left exposed to identity theft and fraud. Additionally, social media websites and platforms store confidential user information, which, if not properly secured and encrypted, could be vulnerable to any number of exploits.

    With the increased global use of social media, there are more opportunities than ever before for criminals to steal identities or perpetrate fraud online. For example, status updates posted on Twitter, Facebook and many other social media and online dating sites can be used maliciously. If you post that you're out of town on vacation or away on business, you could be exposing yourself or your family to burglary, assault, or robbery. When it comes to stalking or stealing an identity, use of photo- and video-sharing sites like Flickr and YouTube provides deeper insights into you, your family and friends, your house, favorite hobbies, and interests. Often this information can be used to answer common security questions for password recovery.

    Sidebar: Social spam can appear in many forms of user-generated content:
    ‣ Fraudulent user signups
    ‣ Blog posts
    ‣ Chat messages
    ‣ Reviews & listings
    ‣ Discussion forum threads
    ‣ Message board posts
    ‣ Direct messages
    ‣ Comments
    ‣ URL & link submissions
    Source: The Wall Street Journal Online (Spam Finds New Target, January 4, 2012) [E]
  • 7. What's at Stake?

    Impermium estimates suggest that spammers account for up to 40 percent of all social media accounts and up to 8 percent of social media messages sent; approximately twice the volume of six months ago. Spam affects over 4 million users every day on Facebook alone. [B] It's not stopping either; the volume of spam on Facebook is growing faster than their user base.

    The volume of social spam and resulting online fraud can completely alter the perception of a brand or individual, making a product or person appear far more popular or relevant than it/he/she actually is. Fake accounts and artificial levels of engagement are problematic for all social networks, with consequences including:

    Lost Users: Low-quality content and security threats cause legitimate customers to lose confidence and interest in social networks and related services. It is thought that pervasive spam was a major contributor to the mass user exodus from MySpace.

    Damaged Reputation: It is difficult to quantify the impact that social spam exacts on social networking sites and online directories, but it is a definite concern. A host site's PageRank and spam filtration can suffer significantly from questionably genuine social content.

    Untrustworthy Analytics: Fraudulent activity makes it hard to know how many users of a social site are real. If the numbers can't be trusted, then the information is worthless and social media sites and online directories lose their relevancy. By reducing the number of fake accounts, a social website can give the public both a more realistic indication of the genuine number of users as well as offer accurate assessments of brand popularity for individuals on the network.

    Lost Ad Revenue: Estimates suggest that customer attrition costs social networking sites $9.50 per lost user in annual advertising revenue. This has a knock-on effect for potential advertisers on the platform too. If a significant number of the website's user base is made of fake accounts, then the potential audience for an advertising campaign would be far smaller than it initially appears. A corollary to lost advertising revenues is loss of advertisers. In a recent TechCrunch article [D], Limited Run, a startup that offers a software platform through which musicians and labels can sell physical products such as vinyl records, claimed that 80 percent of its Facebook ad clicks came from bots, as opposed to real people. Bots were loading pages and driving up the advertising costs of Limited Run. This type of negative press can be disastrous for social sites that rely on advertising revenue streams, as it can create a butterfly effect on other potential advertisers.

    Call Center Costs: Account users suspected of fraud may spend an average of 15 minutes on the phone with call center representatives for identity verification. The fully loaded cost of a call center employee is estimated to be at $30 per hour, meaning each call would cost the social media website $7.50. For a social network of 20 million users, the total fraud cost related to call centers alone could go up to $9 million a year.

    Manual Review Costs: Surprisingly, almost one-third of all Facebook employees fight spam in some fashion or another. That means there are hard costs associated with social spam as well. The larger social sites are using more automated algorithms and smaller sites are often relying on manual processes, but either way there's a price tag associated with addressing this problem.

    Polluted Search Results: Social spam pollutes the Internet by adding noise. Everyone, save the polluters, pays a price: search engines are less effective; users waste time and attention on junk sites; and honest publishers lose income. As a result, social spam spoils the rich spirit of sharing that is a hallmark of social media websites.
  • 8. Existing Approaches to Defend Against Social Spam

    Without tight, seamless controls, fake accounts become prevalent. Social sites, dating sites, and online directories need to practice and evolve their spam-handling approaches in order to reduce fraud, preserve brand awareness, and keep consumers safe. This means battling cyber criminals and security threats by investing in the necessary tools that ensure that the benefits of the time and cost commitment of their efforts far exceed the revenues criminals might otherwise generate.

    Here are a few ways social media sites and online directories are combatting social spam and preventing registration and creation of fake accounts:

    CAPTCHA: Many social media sites and online directories rely on Completely Automated Public Turing Test To Tell Computers and Humans Apart (CAPTCHA) implementations for preventing bogus accounts from being created. CAPTCHA is a program that can generate and grade tests that humans can pass, but many current computer programs (i.e., bots) cannot. CAPTCHAs can provide a simple defense against most bots, but they can still be cracked. Social spammers can leverage OCR (optical character recognition) technology to decipher CAPTCHAs, even when they are distorted. Some sites have fought back by incorporating images into CAPTCHAs, but this is only effective against bot-driven CAPTCHA crackers. While automated attackers may be responsible for a majority of the CAPTCHA-breaking attempts that occur every day, they no longer account for it in …

    In India and other countries across the world, CAPTCHA-breaking companies employ people whose sole job is to crack CAPTCHA codes. These CAPTCHA-crackers can earn more per day than they can at legitimate data-processing centers; most earn between 1/10 and 1/8 of a cent per CAPTCHA solved and, in turn, charge spammers between $1.30 and $2.00 for every 1,000 solved CAPTCHAs. In order to stay ahead of the bots, sites have made CAPTCHAs even more distorted and difficult. This has led to increased end-user frustration, as legitimate users (including but not limited to the elderly, non-English-speaking users, and those with visual disabilities) often fail to decipher the letters several times before properly translating the CAPTCHA.

    Ban the Spammers: Banning members from the network is another way to get rid of spam, but there's no easy answer as to how it should be executed. Creating a functional, fully automated algorithm to catch and filter spammers is difficult at best. Moreover, experienced spammers will continue to create new accounts using fresh IP addresses and registration info.
  • 9. Ghosting: Ghosting is something that several social media sites do to reduce spamming. Once a social network or online directory decides a user is spamming, it will allow that user to keep up his/her spamming activities, but will "ghost" all activities, making them invisible to all other users on the site. With ghosting, a spammer may be absolutely unaware of the fact that he/she has been banned. He/she may go around submitting and voting on stuff, but what he/she doesn't know is that his/her votes and submissions are invisible to everyone except himself/herself. The intent of ghosting was good: to crack down on flagrant spammers. However, because it employs deception, any mistakes or bugs in the system can be extremely difficult to diagnose and infuriating for legitimate users.

    Closed Community: In an effort to avoid spam, some emerging communities prefer to stick to an application-based registration process. It works like this: the user submits an application to join, the editor reviews the application and decides whether to approve the user or not. Manual review is surely one way to guarantee genuine membership. However, this inherently anti-social approach is costly, and may scare away many people from even trying to join.

    Human Moderation: Many companies begin with manual processes for moderation that are either performed by employees or by outside firms. While people-based approaches do have low start-up costs and may initially present greater flexibility for defining policies, the slow pace, high cost, and inconsistent quality limit the value of such solutions.

    Neighborhood Policing: Some social media sites rely on their users to identify and report spam. Many sites have a "report spam/abuse" email address link. Pinterest, for example, encourages users to form a virtual neighborhood watch and report spam using its "Report Pin" button to tag spam. Spammers, however, frequently change their address from one disposable account to another, rendering this tactic impotent and ineffectual. And forcing this burden on your most trusted users can erode the long-term engagement with your site.

    Site Integrity Systems: Due to spammers' negative effects on users and brands, beyond prosecuting them, social websites are staffing up to address the issue. Facebook claims it has 300 dedicated employees to oversee security. Facebook and Twitter have hired programmers and security specialists to deflect the flotsam. "Tens of millions of dollars are spent on our site-integrity systems, including hundreds of full-time employees," says Facebook spokesman Frederic Wolens. [F]

    Blacklisting: Facebook has been expanding its URL blacklist system, which uses data from partners including Intel's McAfee, Google, and Websense to detect and block known threats. Facebook Immune System inspects every action on the site, using the reputation of the cookie or IP address involved to halt any suspicious action. Facebook also employs a tool called "link shim" to flag blacklisted URLs: every time a link on the site is clicked, the link shim will check that URL against its own internal list of malicious links. If Facebook detects that a URL is malicious, it will display an interstitial page before the browser actually requests the suspicious page. Unfortunately, the "link shim" solution and the comprehensive blacklisting service are proprietary to Facebook and not available to other social media sites and online directories. Another weakness of the blacklist approach is that it is reactive and only blocks known URLs. But, when spammers regularly register hundreds of different URLs for a single campaign, existing blacklists provide little defense.
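The "link shim" pattern described above, as an added example that is not Facebook's code: outbound links are rewritten to pass through a signed shim endpoint, and the blacklist is consulted at click time so the site can show an interstitial before the browser requests the page. The blacklist entries, the shim path and the signing key are constructed assumptions; the last check in the test also shows the reactive weakness the text names (a fresh, unlisted domain passes straight through).

```python
"""Outbound-link shim: rewrite links, verify the signature on click, then
decide redirect / interstitial / reject from a URL blacklist (example code)."""
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed sample blacklist: hosts "known bad" when the list was compiled.
BLACKLIST = {"malware-example.test", "phish-login.test"}

# Per-site secret so the shim endpoint cannot be abused as an open redirector
# (key generation is an assumption of this example).
SHIM_KEY = secrets.token_bytes(32)
SHIM_PATH = "/l"


def normalize_host(url: str) -> str:
    """Lowercase host of a URL, without port, user-info or trailing dot."""
    return (urlparse(url).hostname or "").lower().rstrip(".")


def host_matches_blacklist(host: str) -> bool:
    """True if the host or any parent domain is listed (sub.bad.test -> bad.test)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLACKLIST for i in range(len(labels) - 1))


def sign(target: str) -> str:
    """HMAC over the target URL; binds the shim link to the URL that was posted."""
    return hmac.new(SHIM_KEY, target.encode(), hashlib.sha256).hexdigest()[:32]


def shim_url(target: str) -> str:
    """Rewrite an outbound link so that every click passes through the shim."""
    return f"{SHIM_PATH}?{urlencode({'u': target, 'h': sign(target)})}"


def handle_click(shim: str) -> dict:
    """What the shim endpoint does when a rewritten link is clicked.

    Returns {"action": "redirect" | "interstitial" | "reject", ...}.
    """
    parsed = urlparse(shim)
    if parsed.path != SHIM_PATH:
        return {"action": "reject", "reason": "not a shim url"}
    qs = parse_qs(parsed.query)
    target = qs.get("u", [""])[0]
    sig = qs.get("h", [""])[0]
    # Reject tampered 'u' parameters (e.g. someone editing the target host).
    if not target or not hmac.compare_digest(sig, sign(target)):
        return {"action": "reject", "reason": "bad signature"}
    if urlparse(target).scheme not in ("http", "https"):
        return {"action": "reject", "reason": "unsupported scheme"}
    # The list is checked at click time, not post time, so a URL listed
    # after the post was made is still caught.
    if host_matches_blacklist(normalize_host(target)):
        return {"action": "interstitial", "target": target}
    return {"action": "redirect", "target": target}
```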
  • 10. Automated Tools: Social networks are also employing automated services to crack down on the problem. There are now tools that search user/subscriber news feeds for suspected social malware and scams. When such a tool finds a suspect post, it leaves a comment indicating that the item is likely a scam or malware.

    [Figure: Facebook interstitial warning page. "Sorry. The link you are trying to visit has been classified as potentially abusive by Facebook partners. To learn more about staying safe on the internet, visit our Facebook's Security Page. Please also read the Wikipedia articles on malware and phishing. Website reported for spam, malware, phishing or other abuse. This warning is provided in collaboration with Web of Trust. Learn More. Ignore this warning. Return to previous page."]

    Other solutions, like Impermium's Intelligent Content Protection (ICP), remove offensive and unsolicited content in real time. This allows an organization to flag comments and posts as soon as they are submitted on their website. Content is analyzed across hundreds of dimensions to identify violence, racism, hate speech, profanity, and other forms of offensive communication. From there, entries can be blocked, allowed, or handled in a custom workflow based on the company's site policy.

    Impermium's ICP provides protection for many diverse types of user-generated content, including comments, reviews, captions, chat messages, and message board posts. The Impermium ICP system relies on an artificial intelligence-based language and content analysis engine, its "user reputation" database for detecting repeat offenders, and its global threat network of more than 300,000 web sites, portals, social networks, and related properties around the Internet.

    Community Rating Services: Social media sites can also partner with crowd-sourced rating community websites like Web of Trust (WOT) to help educate their users. WOT widens the scope of Web safety from purely technical security to helping people find sites that they can trust. Based on ratings from millions of web users and trusted technical sources, WOT calculates the reputation for websites, using traffic light-style icons displayed via search results, social media platforms, webmail, and many popular sites. Green indicates a trustworthy site; yellow tells users that they should be cautious, while red indicates a potentially dangerous site.

    Despite the rapidly growing problem of social spam, there remain few commercial products that provide adequate protection. Left with few alternatives, many sites try to develop their own, only to find that the cost of monitoring and clean-up quickly becomes a major expense.
  • 11. Summary of Tactics (columns: Methodology, Description, Phase, Likes, Dislikes)

    CAPTCHA
      Description: A CAPTCHA is a program used to verify that a human, rather than a computer, is entering data. CAPTCHAs ask users to enter text from distorted images.
      Phase: Account registration, posting comments.
      Likes: Provides a basic layer to prevent basic bot attacks.
      Dislikes: Users struggle to interpret characters. Easily cracked by CAPTCHA (human-based) farms, bots and auto-solving programs.

    Close the Community
      Description: The site limits users by having them complete an online application, and the site approves or rejects membership based on a strict set of criteria.
      Phase: Account registration.
      Likes: May work for small, more niche-oriented social media sites and online directories. Strict control over site membership.
      Dislikes: Requires manual review. May turn off legitimate users. High cost. Runs counter to the spirit of openness cultivated by most social media sites.

    Phone Verification
      Description: Phone verification sends a one-time verification code to a user via an automated voice call or SMS (text) message. The user then enters this one-time verification code onto the website to verify that the number provided is valid and belongs to that user.
      Phase: Risky account registrations and account changes.
      Likes: Leverages the phone as a second factor for authentication. SMS or voice messages to verify account changes. Global coverage. No start-up costs. Ability to determine high-risk phone types (pre-disposed to fraud).
      Dislikes: Inability to flag spam or fraudulent posts/comments. Doesn't prevent access for real but possibly harmful users.

    Ghosting
      Description: If a user is identified as a spammer, sites will allow the user to keep up his/her spamming activities, but will "ghost" all of his/her activities such that they are invisible to everyone in the community except him/her.
      Phase: Posting and commenting.
      Likes: Silent banning can make the posts of known spammers invisible.
      Dislikes: Challenge in determining what constitutes spam. Inadvertent banning of legitimate users (false positives). Complicated business rules are difficult to troubleshoot.

    Human Moderation
      Description: Social sites hire moderators who manually review posts and comments. The moderation is either performed by employees or by outside firms.
      Phase: Posting and commenting.
      Likes: Low startup costs. Flexibility in establishing policies.
      Dislikes: High number of false positives. Difficult to manage with higher volumes of traffic. Inconsistent quality across moderators and geographies.

    (continued on next page)

  • 12. Summary of Tactics (continued)

    Neighborhood Policing
      Description: Sites rely on their users to identify and report spam by encouraging users to form a virtual neighborhood.
      Phase: Posting and commenting.
      Likes: Keeps with the spirit of a social network being an online community.
      Dislikes: Ineffectual when a fraudster can create new accounts with ease. Potential for false positives. Difficult to capture malware attacks (?).

    Site Integrity Systems
      Description: These are homegrown systems developed by larger social media sites to identify and report spam. Facebook's automated system, for example, removes Likes gained by malware, compromised accounts, deceived users, or purchased bulk Likes.
      Phase: Posting and commenting.
      Likes: More comprehensive solution developed by the major players.
      Dislikes: Often proprietary solutions. Expensive. Labor-intensive.

    Blacklisting
      Description: Blacklisting attempts to detect and block known threats using an aggregate list of known URLs involved in previous spam or malicious attacks. A site inspects every action on the site, using the reputation of the cookie or IP address involved to halt any suspicious action.
      Phase: Posting and commenting.
      Likes: Leverages multiple blacklists across industry leaders. Detects malicious links. Reputation-based approach.
      Dislikes: Proprietary blacklists. High costs to create from scratch. Requires partnering with leading industry providers in order to develop a comprehensive and usable blacklist. Reactive measure, because blacklists only include existing and known URLs that are malicious (i.e., they don't include new URLs created by fraudsters and spammers).

    Automated Tools
      Description: Automated tools remove offensive and unsolicited content in real time. Content is analyzed and categorized and either blocked, allowed, or handled in a custom workflow based on the company's custom site policy.
      Phase: Posting and commenting.
      Likes: Higher accuracy. Comprehensive categorization algorithm. Fewer false positives. Rapid time-to-value. Non-proprietary. Minimal start-up costs.
      Dislikes: Costly to develop and maintain in-house. Require sophisticated analysis of attacks in real time. May require calibration to site specifics.

    Community Rating Service
      Description: Community rating services leverage crowd-sourced ratings from millions of web users and trusted technical sources in order to calculate website reputation.
      Phase: Posting and commenting.
      Likes: Verifies reputation of embedded links in posts. Relies on a worldwide community to rate websites.
      Dislikes: No ability to prevent fraudulent accounts from being created. No ability to prevent account compromise and hijacking. Inability to accurately capture and score fresh websites/URLs given the speed with which new sites are created by spammers and fraudsters.
  • 13. Shut the Front & Back Doors and Clean House

Social networks, online directories, and online dating sites need to adopt a layered approach to spam prevention, using multiple tools to ensure that they and their legitimate users are protected. TeleSign's recommendation is to take a holistic, three-prong approach:

1. Shut the front door by phone-verifying risky new accounts.
2. Clean house with automated spam cleansing.
3. Close the back door by validating key account changes (e.g., password resets).
  • 14. 1 Shut the front door. Shut the front door by phone-verifying risky new accounts.

A key ingredient of this plan is validating your user base, something TeleSign calls "shutting the front door." Shutting the front door means preventing spammers and fraudsters from getting into the site by flagging them during the registration process.

Social media sites often employ user-unfriendly solutions like CAPTCHA or rely on email verification in isolation, which can easily be sidestepped by bots and other technologies or techniques that create bogus accounts. Instead, online sites can now take advantage of new automated solutions that make real-time risk assessments about whether to accept, flag, or reject an online registration. Solutions like Impermium's Intelligent Content Protection are particularly well suited for account validation since they analyze a number of data points to determine the likelihood that a given registration is fraudulent.

These data points can be aggregated into a spam-likeliness score that recommends a specific action: allow, block, or flag the registration. Most registrations are allowed, but suspicious signups can be challenged with phone verification. This helps ensure that the site strikes the right balance between security and user experience. Many social media sites and online directories do not want to introduce unnecessary friction to the signup process (i.e., add extra hurdles that legitimate customers have to jump through in order to complete their registrations).

For example, a social network or online directory can create velocity triggers on accounts created, such as:

‣ Number of accounts created by the same IP address during a certain period of time.
‣ Low-volume passwords, i.e., a single password that has been used five or more times over the past 48 hours for account registration.
‣ Location of the IP address on any login (especially the first three logins) is more than 150 miles away from the location of the IP address used to create the account.
‣ Irregular activity such as a flurry of friend requests or comments shortly after account creation (i.e., track the deviation of outlier behavior from the network's average behavior).

Phone Verification

If a specific registration is deemed to be risky, social media sites and online directories can utilize phone-based verification to authenticate legitimate users and repel fraudulent ones. Here's how it works:

1. The user is prompted to provide a phone number at account registration.
2. The site sends a one-time verification code to that phone.
3. The user enters that verification code on the website to activate the account.

So what does phone verification accomplish? Two things: 1) it verifies that the phone number provided is valid, and 2) it verifies that the user is in possession of that phone. This adds friction to the registration process, but given the ubiquity of phones, they have become an extension of our own identities. Phone verification is a practical and simple way to verify your user's online identity.
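The velocity triggers above, turned into a scoring engine that emits the allow / flag / block decision the page describes. This is an added example written for this edit, not code from the whitepaper, Impermium or TeleSign; the windows (24 h per IP, 48 h per password), thresholds (5 accounts, 5 reuses, 150 miles, 20 friend requests in 10 minutes), weights and cut-offs are assumptions, and the password-reuse check uses a keyed HMAC fingerprint because a salted login hash cannot be compared across accounts. The sample events in demo() are constructed, not real traffic.

```python
"""Registration velocity triggers rolled into a spam-likeliness score.

Added example, not code from the whitepaper, Impermium or TeleSign. Thresholds,
weights and cut-offs are assumptions chosen to mirror the triggers listed above.
"""
import hashlib
import hmac
import math
from collections import defaultdict
from dataclasses import dataclass, field

ALLOW, FLAG, BLOCK = "allow", "flag", "block"
IP_WINDOW_S, IP_MAX = 24 * 3600, 5          # assumed: 5th account from one IP in a day
PW_WINDOW_S, PW_MAX = 48 * 3600, 5          # assumed: 5th registration sharing a password
GEO_MAX_MILES, GEO_FIRST_LOGINS = 150.0, 3  # login far from the registration IP's location
BURST_WINDOW_S, BURST_MAX = 600, 20         # assumed: 20 friend requests in 10 minutes
FLAG_AT, BLOCK_AT = 30, 70                  # assumed score cut-offs
FINGERPRINT_KEY = b"server-side secret, rotate regularly"  # assumption

def password_fingerprint(password: str) -> str:
    """Keyed HMAC so identical passwords collide across registrations without
    storing cleartext; a per-user salted login hash cannot be compared this way."""
    return hmac.new(FINGERPRINT_KEY, password.encode(), hashlib.sha256).hexdigest()

def haversine_miles(a, b) -> float:
    """Great-circle distance between two (lat, lon) points, in miles."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 3958.8 * math.asin(math.sqrt(h))

def decide(score: int) -> str:
    """allow / flag (challenge with phone verification) / block."""
    if score >= BLOCK_AT:
        return BLOCK
    return FLAG if score >= FLAG_AT else ALLOW

def _recent(events, now, window):
    return sum(1 for t in events if now - window < t <= now)

def _result(hits):
    """hits is a list of (weight, reason); returns (action, score, reasons)."""
    score = sum(w for w, _ in hits)
    return decide(score), score, [tag for _, tag in hits]

@dataclass
class Account:
    created_ts: float
    created_geo: tuple                      # (lat, lon) of the registration IP
    logins: int = 0
    friend_requests: list = field(default_factory=list)

@dataclass
class RiskEngine:
    ip_events: dict = field(default_factory=lambda: defaultdict(list))
    pw_events: dict = field(default_factory=lambda: defaultdict(list))
    accounts: dict = field(default_factory=dict)

    def register(self, account_id, ip, password, ts, geo):
        fp, hits = password_fingerprint(password), []
        ip_count = _recent(self.ip_events[ip], ts, IP_WINDOW_S) + 1
        if ip_count >= IP_MAX:
            hits.append((40, f"ip_velocity:{ip_count}"))
        pw_count = _recent(self.pw_events[fp], ts, PW_WINDOW_S) + 1
        if pw_count >= PW_MAX:
            hits.append((40, f"password_reuse:{pw_count}"))
        self.ip_events[ip].append(ts)
        self.pw_events[fp].append(ts)
        self.accounts[account_id] = Account(ts, geo)
        return _result(hits)

    def login(self, account_id, geo):
        acct, hits = self.accounts[account_id], []
        acct.logins += 1
        miles = haversine_miles(acct.created_geo, geo)
        if miles > GEO_MAX_MILES:            # the first few logins weigh more
            hits.append((20 + (15 if acct.logins <= GEO_FIRST_LOGINS else 0),
                         f"geo_distance:{miles:.0f}mi"))
        return _result(hits)

    def friend_request(self, account_id, ts):
        acct, hits = self.accounts[account_id], []
        acct.friend_requests.append(ts)
        burst = sum(1 for t in acct.friend_requests if t - acct.created_ts <= BURST_WINDOW_S)
        if burst >= BURST_MAX:                # flurry right after account creation
            hits.append((50, f"post_signup_burst:{burst}"))
        return _result(hits)

def demo():
    """Constructed events (not real traffic) that exercise each trigger."""
    eng, out, ny, la = RiskEngine(), {}, (40.71, -74.01), (34.05, -118.24)
    for i in range(5):        # five signups from one IP within minutes, unique passwords
        out[f"ip{i}"] = eng.register(f"u{i}", "203.0.113.7", f"unique-pw-{i}", 1000 + 60 * i, ny)
    for i in range(5):        # one password reused across five different IPs
        out[f"pw{i}"] = eng.register(f"b{i}", f"198.51.100.{i}", "Passw0rd!", 5000 + 60 * i, ny)
    out["combo"] = eng.register("c0", "203.0.113.7", "Passw0rd!", 6000, ny)  # both triggers
    out["login_far"] = eng.login("u0", la)                 # registered in NY, first login from LA
    out["login_near"] = eng.login("u1", (40.73, -73.99))
    for k in range(BURST_MAX):                             # 20 requests inside 10 minutes
        out["burst"] = eng.friend_request("b4", 5240 + k)
    return out
```

A single trigger lands in the flag band, which is where the phone challenge belongs; two independent triggers firing on one signup (the same IP and the same password) push it into block. Keep the score and the reasons together in the audit log so that false positives can be traced back to the trigger that produced them.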
  • 15. Phone verification can also be used later, when a user logs in from a different IP address or a different device. This can trigger an authentication event to the verified phone number on record and prevents fraudsters who have successfully phished credentials from taking over a user's account.

Companies like Google have employed phone-based verification to add an extra layer of security. In addition to username and password, users with two-step verification are prompted to enter a code that Google sends via text or voice message when they attempt a login from a different IP address than the one on record.

This two-step verification drastically reduces the chances of having the personal information in a user's online account stolen by someone else. Why? Because attackers would have to execute on two fronts: 1) they would have to steal a user's username/password and 2) they would have to steal the user's phone (or gain control of its number, which is one reason the phone-type checks below matter).

Phone Type              Risk Level   Rationale
Fixed line (landline)   Low          Traced back to a specific address. Cannot be obtained by a user in another country.
Mobile                  Low          Users must sign contracts with carriers. Numbers are traceable.
Prepaid mobile          Medium       Users are not contracted. Low cost.
Non-fixed VoIP          High         Easily obtained in other countries. Hard to trace. Disposable.

Importance of Phone Type

Adding phone verification to the process is a crucial first step, but some sites are going further still. An increasing number of social media sites and directories now require new registrants to use low-risk phone types such as mobile or landlines for verification. Many social sites also block higher-risk phone types such as prepaid mobile phones and VoIP phones, which are correlated with higher levels of fraud and spam.

Companies like TeleSign can determine the phone type and other important phone characteristics such as whether the phone is active, roaming status, and the name registered to the phone. These details provide additional business intelligence and powerful fraud signals.

Phones that can be purchased anonymously or that do not require the end user to be contracted with a mobile phone company often carry a higher risk of fraud and spam. VoIP phone numbers are Internet-based telephone numbers that can easily be obtained by users in other countries. They are hard to trace and disposable; some can even be obtained for free. This means that a fraudster in a foreign country could easily obtain a U.S.-based telephone number (using a non-fixed VoIP service) to receive the verification call.

TeleSign's PhoneID solutions provide merchants access to real-time business intelligence to predict and prevent online fraud. PhoneID identifies user phone type, provides merchants with accurate data to assess high-risk transactions, and can simply determine if a phone can receive an SMS. PhoneID enables social media sites and online directories to quickly identify high-risk registrations and, at the same time, reduces undeliverable messages by identifying SMS-enabled devices before sending verification SMS messages.
  • 16. 2 Clean house. Clean house with automated spam cleansing.

While many believe human moderation to be the gold standard of social spam defense, the combined pressures of speed, monotony, and cost controls often lead to significant drops in performance.

New online cleansing tools actively monitor all user-generated content, from blog posts, comments, message board posts and chat messages to reviews and listings. Unlike human moderation teams, automated tools work proactively and in real time, removing offensive content before users even see it.

A recent performance test reported by Impermium compared its automated solution against a top human moderation service firm that specializes in removing bad social content for the websites of major consumer brands. Both services were given 10,000 social comments and tasked with identifying social spam. Here are the results:

Metric             Impermium     Human Moderation
Time to process    19 seconds    2-3 days
Accuracy           99.5%         95%
False positives    4             79

Impermium can also flag potential spammers and work with two-factor authentication providers, like TeleSign, to enforce phone-based verification before posts are validated. Another benefit of using a leading automated spam cleansing solution is that these vendors can spot spam trends across different social networks and incorporate that intelligence into their scoring algorithms. Collectively, these tools and intelligent scoring can dramatically reduce the amount of social spam and improve the user experience.
  • 17. 3 Close the back door. Close the back door by validating key account changes (e.g., password resets).

Once a user's phone number is on record, a social media site or online directory can use that same number to verify any key account changes or to reset the user's password. These are often backdoors that fraudsters can crack open to hijack an account. Verifying users for these high-risk changes makes it much more difficult for a hacker to break into someone's account. In fact, some websites regularly re-verify their end users (e.g. every 30 days).

With valid user phone numbers on record, social media sites and online directories can take a more frictionless approach to verifying users by conducting a series of analytics in the background based on their online activities. A user's phone number and the activities associated with that phone number provide important insights. Phone numbers tied to fraudulent activity can be blocked early on instead of letting the fraudster stay on the website. By analyzing user data more closely, online properties have the opportunity to stop and block fraud faster and more efficiently.

Social media sites and online directories no longer have to maintain their own dedicated engineering teams to keep their sites safe from spam and abuse. Combining phone-based verification with automated spam cleansing frees webmasters to focus on the things that matter most to their users and
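The one-time code flow that the three preceding pages rely on, written once so it serves all three uses: challenging a risky registration (the front door), step-up on a login from a new IP address or device (the phone-type page), and confirming a key account change such as a password reset (the back door, above). This is an added example for this edit, not TeleSign's or Impermium's code. The six-digit code, five-minute lifetime, three-attempt limit and the policy of refusing non-fixed VoIP numbers are assumptions; the phone-type lookup is a constructed table standing in for a carrier-data query, and delivery is a callable so the flow runs offline. The code is stored only as a keyed hash bound to the phone number and purpose, so a code issued for registration cannot be replayed to approve a password reset.

```python
"""One-time verification codes for the three uses above: challenging a risky
registration, step-up on a login from a new IP address or device, and confirming
a key account change such as a password reset.

Added example, not TeleSign's or Impermium's code. Code length, lifetime, attempt
limit, the phone-type policy and the constructed phone-type table are assumptions;
delivery is a pluggable callable so the whole flow runs offline.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_DIGITS = 6        # assumed: 6-digit numeric code
CODE_TTL_S = 300       # assumed: valid for five minutes
MAX_ATTEMPTS = 3       # assumed: 3 guesses, i.e. 3 in 10**6 odds per challenge
PURPOSES = {"registration", "new_device_login", "password_reset"}
BLOCKED_PHONE_TYPES = {"non_fixed_voip"}   # assumed policy; prepaid left to the risk score


@dataclass
class Challenge:
    phone: str
    purpose: str
    code_hash: str             # keyed hash of the code; the cleartext is never stored
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS
    used: bool = False


class Verifier:
    def __init__(self, server_key, phone_type_lookup, send, clock=time.time):
        self._key = server_key
        self._phone_type = phone_type_lookup   # carrier-data lookup, stubbed in demo()
        self._send = send                      # SMS/voice delivery: (phone, code) -> None
        self._clock = clock

    def _hash(self, phone, purpose, code):
        # Binding phone and purpose means a code issued for registration cannot be
        # replayed to approve a password reset on the same number.
        msg = f"{phone}|{purpose}|{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, phone, purpose):
        if purpose not in PURPOSES:
            raise ValueError(f"unknown purpose {purpose!r}")
        phone_type = self._phone_type(phone)
        if phone_type in BLOCKED_PHONE_TYPES:
            raise PermissionError(f"{phone_type} numbers may not be used for verification")
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        challenge = Challenge(phone, purpose, self._hash(phone, purpose, code),
                              self._clock() + CODE_TTL_S)
        self._send(phone, code)
        return challenge

    def verify(self, challenge, purpose, submitted):
        if challenge.used or challenge.purpose != purpose:
            return False
        if self._clock() > challenge.expires_at or challenge.attempts_left <= 0:
            challenge.used = True              # expired or locked out: issue a new code
            return False
        challenge.attempts_left -= 1
        ok = hmac.compare_digest(challenge.code_hash,
                                 self._hash(challenge.phone, purpose, submitted))
        if ok:
            challenge.used = True              # single use
        return ok


def demo():
    """Constructed offline walk-through: a mobile number passes, an expired code and
    a locked-out code fail, and a non-fixed VoIP number is refused by policy."""
    now = [1_700_000_000.0]
    outbox = []                                # stands in for the SMS gateway
    phone_types = {"+15555550100": "mobile", "+15555550199": "non_fixed_voip"}  # constructed
    v = Verifier(b"server secret, keep out of source control",
                 lambda p: phone_types.get(p, "unknown"),
                 lambda phone, code: outbox.append((phone, code)),
                 clock=lambda: now[0])
    r = {}
    last = lambda: outbox[-1][1]               # the code most recently "delivered"
    ch = v.issue("+15555550100", "registration")
    wrong = f"{(int(last()) + 1) % 10 ** CODE_DIGITS:0{CODE_DIGITS}d}"
    r["wrong_code"] = v.verify(ch, "registration", wrong)
    r["wrong_purpose"] = v.verify(ch, "password_reset", last())
    r["right_code"] = v.verify(ch, "registration", last())
    r["replay"] = v.verify(ch, "registration", last())
    ch = v.issue("+15555550100", "password_reset")
    now[0] += CODE_TTL_S + 1
    r["expired"] = v.verify(ch, "password_reset", last())
    ch = v.issue("+15555550100", "new_device_login")
    for _ in range(MAX_ATTEMPTS):
        v.verify(ch, "new_device_login", "not-a-code")
    r["locked_out"] = v.verify(ch, "new_device_login", last())
    try:
        v.issue("+15555550199", "registration")
        r["voip_refused"] = False
    except PermissionError:
        r["voip_refused"] = True
    return r
```

The attempt limit is what makes a six-digit code defensible: without it, an attacker who controls the session can simply enumerate the million possibilities. The comparison is constant-time, the challenge is single-use, and the phone-type gate runs before any SMS is sent, which also avoids paying to deliver codes to numbers the policy would reject anyway.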
  • 18. Conclusion

It's clear that yesterday's email spammers are today's social spammers. Social media exploitation techniques are evolving fast. Spammers on the social web exploit nearly every large consumer brand or significant news event. This should come as no surprise: the payoffs are better, detection is more difficult, and the social networks are only just starting to develop strategies to tackle the issue.

Social networks, online directories, and online dating sites have struggled to keep up with spammers, who have adapted their techniques to avoid detection and at the same time have found new vectors to exploit. Bulk accounts for popular social networks can now be purchased on the black market for pennies. Automated tools are freely available to create posts, add bogus comments, inject malware within links, and generate friend requests.

Social spam is starting to take a significant toll. Sites that fail to address it face business risks that include lost customers, reduced advertising revenues, increased customer support costs, distorted analytics, and the inability to accurately evaluate their user bases and determine the real cost of new customer acquisition. Most importantly, social spam can eviscerate the brand and reputation of the site that is trying to build an audience.

In response, these sites have resorted to a variety of measures, including human moderation, ghosting, neighborhood policing, and blacklisting, to thwart fraud. But these methods have inherent shortcomings: they neither adequately prevent bogus account creation nor accurately flag fraudulent posts and comments.

It's time to take a more holistic approach with the new tools now available to give social networks and online directories an upper hand in combating fraud. It starts with shutting the front door and preventing bogus accounts from being created. This means adding some friction to the registration process by asking the right questions, leveraging data, and phone-verifying high-risk registrants. This is a delicate balance between maintaining privacy and not exposing these sites to the rampant proliferation of fake, bulk accounts.

It also means going beyond human moderation to a more automated approach that scans all posts and comments in real time, minimizing the number of false positives while preserving a sense of openness within the community and ease of use.

It's inevitable that spammers will continue to evolve their tactics to circumvent new approaches and technologies; so too must the social networks. Remember, it was only after the advent of antivirus and anti-spam software, in conjunction with widespread user education, that email spam started its decline. To reverse the trend of social spam, social networks, online directories, and online dating sites (and their users) need to raise their collective game by adopting the right technologies, injecting the right processes, and raising consumers' awareness to a healthy dose of skepticism before they click on any links, even those that appear to come from their best friends.
  • 19. About TeleSign & Impermium

Impermium provides user-generated content management for websites and social networks, defending them against social spam, fake registrations, racist and inappropriate language, and other forms of abuse. Our system combines advanced technology and broad, Internet-scale threat information to provide cost-effective, real-time protection for more than 300,000 sites across the globe. Founded in 2010, Impermium is backed by Accel Partners, Charles River Ventures, Greylock Partners, Highland Capital Partners, and the Social+Capital Partnership.

Impermium Corporation
900 Veterans Boulevard, Redwood City, CA 94063
888-496-8008
@impermium

Every second of every day, TeleSign protects the world's largest Internet and cloud properties against fraud. TeleSign Intelligent Authentication provides an easy-to-implement and powerful method for identifying and substantially reducing online fraud and spam using the most widely deployed technology: a user's phone. The company protects 2.5 billion downstream accounts in more than 200 countries and territories, offering localization services in 87 languages. In 2012, TeleSign ranked #23 on the Deloitte Technology Fast 500™ and was named a Visionary in Gartner's User Authentication Magic Quadrant.

TeleSign Corporation
4136 Del Rey Ave, Marina del Rey, CA 90292
US +1 310 740 9700
UK +44 (0) 330 808 0081
@telesign
GetStarted@TeleSign.com