Sunday, July 31, 2011

Seven Things I Learned Trying to Bait Twitter Spammers

I spent an afternoon this weekend running an experiment to bait Twitter spammers into sending me twam (Twitter spam). I thought it might be interesting to see what sort of tactics they use to evade detection and encourage clicks from unsuspecting victims. Here is what I learned:
  1. It is remarkably difficult to bait spammers: Given the amount of spam that organically arrives in my Twitter stream, I expected it would take very little to turn a trickle of twam into a healthy stream of commercial and dangerous tweets. This was not the case; despite repeatedly posting tweets designed to bait the spammers, I received fewer than a dozen twam replies. To further my research, I ended up searching Twitter for some of the spam links I received, which revealed many more spammers.

  2. It appears spammers are more coordinated than one might expect: I assumed that repeatedly tweeting the keywords spammers use to target their twam would result in a constant flow of spam replies, but my experience was quite different. After my initial posts sparked a handful of spam responses, the twam trailed off and eventually ceased altogether, no matter the frequency of my subsequent tweets. Perhaps this was an aberration from too little data, but the implications are interesting. Are Twitter spammers coordinated, throttling the spam sent from various fake accounts in order to decrease the chance of detection and reports? Do Twitter spammers only target people with influence within specific content categories, which might explain why I received twam responses when tweeting on tech terms but not about other topics? Or does Twitter have filters in place to prevent an account from receiving too many similar (and potentially spammy) tweets from different accounts that are not already followed?

  3. Spammers cover a wide range of topics: At first, I focused my Twitter spam experiment on tech terms that had, in the past, generated spam replies. My initial tweets focused on iPad, iPhone and Xbox. Soon, my experiment became crowdsourced with others suggesting terms I might test. I learned that spammers also love topics such as diets, golf, weddings, Justin Bieber, Lady Gaga, dating, sex and brand names. Thanks to JohnMichele, Kelly, Rob, Amrita, Paul, and Paul for contributing to my spam experiment and sharing their experiences.

  4. Spammers focus on newbies: Ted Sindzinksi noted he recently launched a new Twitter account for a startup and saw a great deal more spam than on his primary account. Twitter spammers may prey on new Twitter users who aren't as jaded or experienced as those of us who've been on the platform for years.

  5. Twitter Spammer Avatars: Warning:
    PG-13 & possibly NSFW
  6. Spammers aren't difficult to detect: Spammers aren't the most subtle or nuanced bunch of people. Virtually every account I visited--and I checked out close to 150 accounts during my experiment--followed the same modus operandi. Spammers tended to: 
    • Have very unusual names (EbonieLacsamana and SusannaBinderup) or end with one to four numeric characters (DiedraChauca624 and KarryHasencamp8)
    • Feature provocative profile pics of young women (more on this below).
    • Follow people but have few followers. 
    • Tweet a variety of famous and inspirational quotations and proverbs interspersed with spam tweets directed to individuals. Spammers' dictionary of quotations is quite deep, including everyone from Bill Cosby and John Lennon to Johann Wolfgang von Goethe, Marquis de Sade and Golda Meir. 
    • Use obscured links, but avoid the typical shorteners such as bit.ly. Instead, spam links tended to be from sites like safe-url.org (which clearly is not safe, despite the name) and unfamiliar sites like cirb.in (which I have not visited and recommend you do not, either.)


  7. Men are stoopid: I'm going to give spammers a little credit; I assume that they are capable of  clickthrough and conversion testing and thus are using the tactics they do because those tactics work. This has certainly been the case with email spammers, so there's no reason to think Twitter spammers aren't as adept at finding the cracks in our defenses. My Twitter experiment suggests men need to stop thinking with their... um... parts south of their waists. Almost every spammer I found featured a PG-13 (but not R-rated) profile pic of a young, scantily-clad woman. (As one of my Twitter followers noted, "Twitter has taught me to mistrust hot women.") Are men really that easy? I hope not, but if Twitter users more frequently clicked on spam links sent by profiles featuring avatars of men, grandmas, or dogs, then the spammers would be using those tactics, instead.

  8. Reporting spam to Twitter works: During my experiment, I reported to Twitter most of the twam accounts I found, but I chose not to report a handful of spammers, just to test what happens. At first, I was a little disappointed that several hours after alerting Twitter, the accounts I reported were still spewing twam and proverbs. I'm happy to report that when I rechecked 18 hours later, it was a different story: Every single account I reported was suspended. As for those accounts that I chose not to report, every single one was still active 18 hours later. Tip of the hat to Del Harvey and her small Trust and Safety Team for being responsive to spam reports.

What does this mean to you? First, I'm sorry, but hot young women really don't want you to save money. Secondly--and this is pretty obvious--think before clicking unknown links from accounts you don't follow, particularly those offering free or discounted deals. And third, report those spammers! You can do so using spam-reporting features built into tools such as Hootsuite and TweetDeck, or it's easy to report spammers using Twitter's browser interface: Click the profile name within your Twitter feed to view the spammer's profile in the right pane; click the down arrow button; and select "Report XXXXXXXXXX for spam."

Spam is an annoyance on Twitter, though it hasn't risen to the level of pain caused by spam in email (where, according to Symantec, 92 percent of email messages are spam.) With continued diligence on the part of Twitter and your assistance with reporting spam, the problem can be kept in check, but there is no substitute for simple common sense. Beware of who you follow and use caution when clicking links tweeted by unknown parties. The danger isn't merely that you lose a few seconds visiting a useless spam site; clicking the wrong link could result in the download of malware to your computer or lead to a loss of control of your Twitter account.  Tweet wisely!

7 comments:

Gautam Ghosh said...

Great personal research Augie, specially to see how you followed up 18 hrs later to check if the accounts were suspended or not.

Unfortunate that they target newbies, maybe turning them off twitter. Twitter needs to act some way (an FAQ or pointers like you have blogged) to protect them from spammers. Would be good business sense for them!

Augie Ray said...

Thanks Gautam,

I wonder if Twitter does take extra precautions with newbies compared to experienced Twitter users. I've invited Del Harvey, who runs Twitter's Safety team, to be interviewed for my blog, but she's been too busy to commit. If I get the chance to chat with her, I'll let you know.

Geekette Bits said...

fabulous post Augie!! I'm glad you didn't keep us in suspense for too long...I was wondering what your research would uncover.

I used to be very good about reporting twammers but have gotten lazy. Will double efforts again!

Also, all my development related Twitter accounts have not felt the wrath of spammers yet...even with a lot of posts. I think there must be some kind of protection going on as well. When you lock her down let me know. I might have one of two questions to sneak in. :D

Alan Berkson said...

Hey Augie,

I also noticed many spammers don't bother to capitalize first/last name.

Enjoyed the post!

-Alan Berkson

Josh Bernoff said...

Regrettably, I've found they don't only quote famous people . . . they also quote ME. Searches on my name occasionally turn up retweets of my tweets from many months ago, appearing at random in spammer tweetstreams.

Augie Ray said...

Alan and Geekette, thanks for the contributions.

Josh, sorry, but you're a famous person. I think it's some sort of bizarre badge of honor when spammers start leveraging your influence to worm their way into others' confidence. Congrats... I think.

Will Rochow said...

Thanks for the spam lesson. Being reasonably new to Twitter (less than 6 months), I did receive a fair bit of attempted spam initially. There is still the odd attempt. I do actively report suspected spam when when I encounter it. As a precaution, I also make a regular habit of changing my account password hoping that that will also help.

That was wise counsel. Thank you.