Tuesday, November 23, 2010

A new strategy for social network spammers?

As is obvious to anyone who surfs the social media world, spam on social networking sites is on the rise. As we show in our latest paper, malicious users leverage the ease with which these platforms let them reach thousands of users to deliver their messages to as many people as possible. In addition, the personal information that is available through social networks allows spammers to target their campaigns at the users who are more likely to fall for them. In our paper, we show how adult dating spam on Facebook mostly targets male users. However, most spam campaigns, both on Twitter and on Facebook, are pretty easy to detect, and the profiles that carry them out get shut down fast. There are two main reasons. The first is that spammers' activity differs quite a lot from human activity, and this makes detection of spam profiles possible. The second is that spam bots generally target their victims randomly, and this produces social graphs that are very different from those of real people (who, in general, have a very dense "core" of mutual friends in their graph).
Of course, spammers are coming up with smarter solutions that make detection harder. For a few months, I have noticed spam profiles on Twitter contacting only people that are linked together. This can easily resemble a real social graph, which on the one hand makes detection harder. On the other hand, this technique attracts more victims, since people are more likely to befriend somebody if this person is already friends with many of their friends (especially if it is a cute girl... you get it). Given these observations, I started wondering how much effort it would take for somebody to create a profile, "merge" into a real social network by contacting people that are linked together, and, after having a few hundred friends, start spamming.
To check this, I created a fake Facebook profile and started contacting some people that were connected together. This process gets a boost from the fact that some people will accept any request they receive, which not only increases the number of friends the bot has, but also attracts friend requests, since the fake profile will start appearing in others' profiles as a suggestion. After collecting a decent number of friends, say 30, it was enough to sit down and wait for a while. People started sending friend requests on their own, and all the bot had to do was accept them. In a bit more than one month, the bot collected 375 friendships on Facebook. This is an order of magnitude higher than the number of friends reached, on average, using random targeting by the spammers we monitored for our previous paper. Needless to say, the spam and automatic activity detection algorithms of Facebook failed. Time for better anti-spam techniques?
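
The social-graph signal described above (real users have a dense core of mutual friends, randomly targeting bots do not) can be measured as the fraction of a profile's contacts that are linked to each other. The Python sketch below is an added example, not code from the paper or from any social network; the graph, the profile names and the 0.1 threshold are constructed assumptions. It also shows why a profile that only contacts people who are linked together scores like a real one on this signal alone.

```python
from itertools import combinations

def contact_density(edges, profile):
    """Fraction of pairs of the profile's contacts that are themselves linked
    (the local clustering coefficient of the profile's node)."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    contacts = adj.get(profile, set())
    if len(contacts) < 2:
        return 0.0  # too few contacts to say anything about structure
    pairs = list(combinations(sorted(contacts), 2))
    linked = sum(1 for a, b in pairs if b in adj[a])
    return linked / len(pairs)

def flag_sparse(edges, profile, threshold=0.1):
    """Flag profiles whose contacts barely know each other.
    The threshold is an illustrative assumption, not a published value."""
    return contact_density(edges, profile) < threshold

# --- Constructed sample graph (not real data) ---
core = [f"u{i}" for i in range(6)]            # a tight group of mutual friends
EDGES = list(combinations(core, 2))           # everyone in the core knows everyone

# A real user: the dense core plus two unrelated acquaintances.
EDGES += [("alice", u) for u in core + ["x", "y"]]

# Random targeting: eight contacts, only one pair of them linked.
strangers = [f"r{i}" for i in range(8)]
EDGES += [("bot_random", r) for r in strangers] + [("r0", "r1")]

# Targeting only people who are linked together, as described in the post.
EDGES += [("bot_clustered", u) for u in core]

if __name__ == "__main__":
    for p in ("alice", "bot_random", "bot_clustered"):
        print(f"{p:14s} density={contact_density(EDGES, p):.3f} "
              f"flagged={flag_sparse(EDGES, p)}")
```

Because the clustered profile is indistinguishable from a real user here, graph density has to be combined with other signals, such as the activity-based differences mentioned earlier in the post.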