Tag Archive | "spam"

Dissection of a Facebook Spammer and What You Can Learn From It

Tags: , , , , , , , , , , ,

Have you seen a rise in sneaky ads on Facebook?

I saw this link bait on Facebook, apparently on a feud between Stephen Curry and LeBron James–two National Basketball Association superstars.

2016-04-15 21_49_47-Dropbox - Screenshot 2016-04-13 04.30.48.png

And it brought me to what looks like ESPN.

2016-04-15 21_51_45-Dropbox - Screenshot 2016-04-13 04.33.13.png

The URL is a bit suspect, but most people won’t notice that, especially in modern browsers.

2016-04-15 22_23_18-Dropbox - Screenshot 2016-04-13 04.33.13.png

Reading the first couple paragraphs of this “article,” I almost believed it was real, but notice the slight awkwardness that’s a dead giveaway of fake article sites.

Screenshot 2016-04-13 04.35.30

This one is well-done, as it isn’t jammed full of spelling mistakes–a telltale sign of the white 18-year-old males who predominantly create these landing pages.

Scroll a bit further into how James supposedly admits that he only used steroids twice and you get links to these substances he allegedly used, then on to spam in its full glory.

Screenshot 2016-04-13 04.39.11

Heck, if LeBron is using it, as “ESPN” is telling me, I might just fall for it–especially if I’m an 18-year-old male myself.

Scroll a bit further and you get a Facebook comments box that looks legit.

Screenshot 2016-04-13 04.40.16

Of course, nothing is clickable, except links to the pills they’re peddling.

And if you click through to the product page, you can see they exposed their affiliate tracking.

2016-04-15 22_32_57-Add New Post ‹ BlitzMetrics — WordPress

Notice they’re pretty smart about testing their landing page and ad combos–minus the fact that they’re not cloaking their links. Cloaking, for those who don’t play in the affiliate space, is masking your URLs so that competitors and snoops can’t see which affiliate you are, what traffic you’re bidding on and so forth.

This pill company is a Wyoming company filed with a generic registered agent. And it has private registration to try to hide who it is here, too:

Screenshot 2016-04-13 04.46.09

Their privacy policy is a template used by others in this space (they’re called “rebills” or “continuity” products–a euphemism for recurring subscription charges).

2016-04-15 22_36_42-Dropbox - Screenshot 2016-04-13 04.49.22.png

Notice that it is doing this on ESPN, USA Today and all manner of sites.

The reason this works is because of a principle called “implied authority,” exercised in this way:

  • An “article,” not an ad that appears interesting– sports rivalries are hot topics.
  • Posted on an authoritative news site–a fake ESPN, in this case.
  • A gradual progression from sports facts to full-on performance-enhancement claims, normally taking two to three pages to blend smoothly.
  • Fake comments as social proof.

By merely copying the look of ESPN, Facebook or other high-authority websites, parasites can siphon trust.

What amazes me is not that spammers keep doing this (I chatted with one today that has a fake Steph Curry Facebook page and who didn’t see that it was clear infringement/impersonation) or that people still fall for this. I saw another one in the Digital Marketer Facebook group (one of my favorite communities) where this seller of marketing training straight-up ripped off the website (words, colors and all) from digitalmarketer.com.

Rather, gaining authority legitimately is not that much harder. And when you have it done right–via the six phases of personal branding and the sux phases of the Social Amplification Engine–you have sustainable results.

We’ve seen ploys like this since the beginning of Facebook and even since the beginning of search (back in 1999, nearly 20 years ago).

Can you imagine how the new wave of chatbots will create new forms of spam, too?

I’m not worried about spam getting out of control, any more than rain being a nuisance in New York City. Just get an umbrella and make sure to check the weather reports.

Warning: Spam image courtesy of Shutterstock.

Article courtesy of SocialTimes

Telegram encourages devs to build bots with $1M giveaway

Tags: , , , , , , , , , , ,

telegram botprize

Throttle combines all your annoying emails into one daily digest

Tags: , , , , , , , , , , ,


What Is Facebook’s Datr Cookie, and Why Does Belgium Want It Gone?

Tags: , , , , , , , , , , , , ,


Article courtesy of SocialTimes Feed

‘Everyone Will Know?’ Not on Facebook Last Week

Tags: , , , , , , , , , ,


Article courtesy of SocialTimes Feed

Truecaller Launches Truemessenger SMS App to Combat Mobile Spam

Tags: , , , , , , , , , ,


Article courtesy of SocialTimes Feed

Report: How Social Spam Distorts Data Insights

Tags: , , , , , , , , , , ,

Social media is riddled with spam. Up-and-coming networks attract spam as they grow quickly, and older networks have to deal with ever more sophisticated bots. A new report from Networked Insights examines how spam and bots distort the insights brands try to gain from social media.

According to the report, nine percent of all users tweeting in English are non-consumers, and these accounts represented 15 percent of all tweets. Networked Insights defines non-consumers as “social bots, celebrities, brand handles and inactive accounts.”

As a result of this non-consumer content, much of the social data collected by social data scientists is ‘dirty.’ The New York Times reports that data scientists spend 50 to 80 percent of their time just cleaning up data before it can be analyzed. Weeding out the spam and other false data points slows down the process and makes it harder to gain real insights from data sets.

Social spam is defined by Networked Insights as coupon postings, product listings, contests and giveaways, which combined, make up nearly six percent of social posts. Adult content makes up less than three percent of posts, and general spam such as gibberish makes up a little more than one percent.

Different networks have varying levels of social spam. Nearly 30 percent percent of forum posts are social spam, nearly 20 percent of blogs and comments are spam, and more than nine percent of tweets are social spam.

chartMany brands are overrun by this spam. 95 percent of the conversation around Rite Aid and Elizabeth Arden, 81 percent of the conversation around Visa is social spam. This kind of negative atmosphere could erode trust in these brands.

Very little of this social spam comes from real consumers. 53 percent of the content is generated by social bots, 23 percent comes from verified and brand accounts, and 11 percent comes from accounts that have been suspended, cancelled or disabled by Twitter.

Networked Insights used the food and beverage vertical to analyze the effect of removing spam from the conversation. The clustered data before spam removal showed large focuses on beer, pizza, coffee, cake, and adult content. After all the spam was removed from the conversation — 14 percent of all posts — nuanced conversations began to emerge.

This more nuanced conversation included topics such as vegan eating and ethnic fast food. The implication here is that relying on a dirty data set could in inaccurate audience targeting, and  misinterpreting what their audience really cares about.

Dirty data could also impact things like industry benchmarking.  For instance, it could be hard to compare two brands operating in the same vertical, but have vast disparity between the amount of spam they receive.

Networked Insights suggests removing spam from your data sets before trying to analyze what consumers are talking about. By doing so, your brand will have a clear understand of your customers’ interests, and the granular conversations could present new opportunities for your business.

Image courtesy of Shutterstock.

Article courtesy of SocialTimes Feed

Facebook Releases ThreatExchange API Documentation

Tags: , , , , , , , , , , , ,

WhyThreatExchangeFacebook introduced ThreatExchange last month as a way for tech companies to share information about malware and other security threats, and the social network announced Friday that the application-programming-interface documentation for ThreatExchange, as well as the PHP and Python reference code, are now available on GitHub.

Facebook threat infrastructure team manager Mark Hammell also offered details on how graph-based sharing of threat intelligence works in a note on the ThreatExchange page:

The first thing to understand about the design of ThreatExchange is that it’s a subset of APIs residing within the much larger set of Graph APIs used by third-party developers to programmatically interact with Facebook. Much like any other third-party developer, a ThreatExchange member starts by creating a Facebook platform application and then uses it to query or post threat data into ThreatExchange. Once Facebook grants access to a developer’s application, they interact with ThreatExchange by issuing RESTful API calls to the Facebook platform. This API based approach works well for our current members, all of whom are looking to integrate the data available via ThreatExchange into their existing security systems. ThreatExchange data doesn’t show up, or have any link, to the personal Facebook accounts of the application owners or people who use them.

Another core design component of ThreatExchange is that the data is modeled in what mathematicians and computer scientists commonly call a graph. This design — the same one Facebook uses to represent your Facebook account and connections between friends — lends itself very well to representing real-world interactions between threats like malware, bad domains and spammy URLs.

We will continue using this page to provide details about the design, functionality and new features of ThreatExchange. We are growing the platform slowly at this stage to ensure that it works well for all members, but our long-term goal is that organizations anywhere will be able to use these features of ThreatExchange to share threat information more easily, learn from each other’s discoveries and make everyone’s systems safer.

Article courtesy of SocialTimes Feed

Facebook ThreatExchange Lets Tech Firms Share Info on Security Threats

Tags: , , , , , , , , , , ,

ThreatExchangeLogo650ThreatExchange may sound sinister, but it’s actually a way for tech companies to share information about malware and other security threats.

Facebook threat infrastructure team manager Mark Hammell introduced ThreatExchange in a note on the Protect the Graph page, saying that a malware-based spam attack last year was the impetus behind the initiative, and naming Pinterest, Tumblr, Twitter and Yahoo as early participants, while citing Bitly and Dropbox as more recent additions.

Hammell wrote in the note:

A little over a year ago, a group of technology companies came together to discuss a botnet that was spreading a malware-based spam attack on all of our services. We quickly learned that sharing with one another was key to beating the botnet because parts of it were hosted on our respective services and none of us had the complete picture. During our discussions, it became clear that what we needed was a better model for threat sharing.

Expanding on those conversations, Facebook offered to build what has now become ThreatExchange, an API-based (application-programming interface) platform for security threat information. It was natural for us because our core service is a platform for sharing and because we already had a threat analysis framework called ThreatData that we could build upon. Feedback from our early partners centered on the need for a consistent, reliable platform that could provide flexibility for organizations to be more open or selective about the information they share. As a result, we included a set of privacy controls so that participants can share only with the group or groups they wish.

ThreatExchange is built on the existing Facebook platform infrastructure, and we layered APIs on top of it so that partner companies can query the available threat information and also publish to all or a subset of participating organizations. Threat data is typically freely available information like domain names and malware samples, but for situations where a company might only want to share certain indicators with companies known to be experiencing the same issues, built-in controls make limited sharing easy and help avoid errors by using a pre-defined set of data fields.

We’re grateful to Pinterest, Tumblr, Twitter, and Yahoo for their early participation and helpful feedback in the development of ThreatExchange, and we’re excited to be welcoming new contributors like Bitly and Dropbox. If you’re interested in participating in our beta of ThreatExchange or have a feed we should consider integrating, please visit threatexchange.fb.com and fill out the form on the final page so that we can contact you as we continue growing the platform.

Our goal is that organizations anywhere will be able to use ThreatExchange to share threat information more easily, learn from each other’s discoveries and make their own systems safer. That’s the beauty of working together on security. When one company gets stronger, so do the rest of us.

Hammell also spoke with TechCrunch, saying:

We volunteered to build an external version based on one we had in-house that would help these other companies share this kind of information with each other or with broader community-based privacy controls we built and they chose to use.

This was purely the serendipity of the graph.

As we are building this platform, we have been pushing the intelligence around this botnet, and proactively blocking the spam.

Readers: How big of an issue have you found spam on Facebook to be?

Article courtesy of SocialTimes Feed

Apple Files Patent For Automated Disposable Email Addresses To Help Handle Spam

Tags: , , , , , , ,


A new Apple patent application published today (via AppleInsider) details a system for heading off email spam and tracking its source. The tech automates a process many people now use manually, setting up temporary email addresses to be used for web service signups, which can then be thrown away when compromised by a spammy service, and provide clues as to which provider betrayed your trust.

The system would automatically generate disposable email addresses based on the service you want to use it with, and possibly contain an identifier in its construction to let you know where spam is coming from. So, for instance, if you signed up for Service X, the email might be “First.last.service@provider.com.” Managing said email addresses and dealing with cutting off the ones that are subject to spam can be done through web and app graphic user interfaces, as described in the patent, too.

Spam is a problem that only increases the more we use email and the web, and addresses not diligently maintained can quickly become overwhelmed with inbound communications from services not necessarily being responsible with your shared information. Apple may seem like an odd candidate as someone trying to tackle this problem, but the company has iCloud and acts as an email provider as part of that product’s suite of cloud services. It’s in the company’s best interest to minimize spam and help pare down on email address churn – if users can manage to keep one permanent address safe from spammers, they won’t have to change their main contact info frequently, which has benefits in terms of protecting the integrity of iTunes and Apple ID accounts.

Article courtesy of TechCrunch

May 2016
« Apr