MIT Technology Review



As users have flocked to social networks, so, inevitably, have spammers. And according to a recent experiment, users are much more receptive to spam sent via a social network than over e-mail.

A group led by George Petre at BitDefender, an antivirus software company based in Bucharest, Romania, performed an experiment to test the effectiveness of spamming techniques geared toward a social networking site. They found it surprisingly easy to entice Facebook users to “friend” people they didn’t know; they also found that many users were willing to click on links without knowing who sent them or where they led.

Speaking last week at the MIT Spam Conference in Cambridge, MA, Petre described how spammers exploit social networks via messaging systems by enticing users to click on links, and by gathering personal information to target mail-outs.

Most social networks have internal messaging systems for communication between members. Petre’s group examined that of Facebook, which boasts 5 percent of the world’s population as its users. While Facebook has an antispam engine, the group found that it was better at filtering out phishing e-mails than preventing spam messages from getting through.

The group started by creating fake profiles to trick users into friending them. They created three profiles, one containing almost no information about the user, one with some information, and one with detailed information. They used those profiles to join popular groups and began sending out friend requests.

Within 24 hours, 85 users had accepted a request from the first profile, 108 from the second, and 111 from the third. Petre says that acceptances began to accelerate, since more than 50 percent of the time, users would accept the request if they shared a “mutual friend” with the fake profile. In some cases, he says, users would send a message asking for more information about how they knew this supposed new friend. The researchers didn’t respond to these requests, but in many cases, Petre says, users accepted the request anyway.

The researchers then posted a link without any explanation to the fake profiles’ walls, using a URL shortener to obscure where the link went. Almost 25 percent of the profiles’ “friends” visited the link, Petre says.


Credit: BitDefender
