Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

To send messages to large numbers of people, Petre says, spammers often trick users into joining groups and befriending fake profiles. For example, in the aftermath of the Haitian earthquake, fraudsters started a group on Facebook that claimed the social networking company would donate money to relief efforts for each user who joined. The group collected nearly two million members in the five days before Facebook discovered the activity and suspended the group. While active, Petre says, the group was used to send spam messages to the group’s members.

Spammers can also blast messages to users who have accepted friend requests from them. Petre found that scammers use social games to make contacts with legitimate users. In many of these games, such as Farmville, users get ahead by having friends on the network who play the same game. As a result, there are lots of groups on Facebook devoted to helping users connect with others players. This provides a way for spammers to find users to connect with.

Once connected, spammers can also do more than just send spam messages. They can gather data on users, and those users’ contacts, to create more targeted fraudulent messages. Scammers also post links to profiles that aim to entice users to view advertising or visit compromised phishing or malware websites. While spammers could, in theory, use scripts to harvest e-mail addresses from other users’ profiles, Facebook has implemented several protections that make this difficult to do without getting caught and suspended.

“Social networking spam may be more dangerous than regular old spam because it creates a trust factor not available through blindly sending out mass e-mail,” says Garth Bruen, creator of software called Knujon, which classifies and tracks spam. By mining social networks, he says, criminals can get access to personal details such as where a person lives, where they go out to drink, or what movies they like. “It is very good intel for establishing trust with strangers,” he says. Though Bruen notes that working within a social network costs spammers more resources than traditional methods, he believes the payout could be much bigger.

Kathy Liszka, a professor of computer science at the University of Akron and the chair of the MIT Spam Conference, says that fighting spam is no longer just about mathematics and statistics. Spam and malware companies today are actively recruiting people with backgrounds in psychology, she says, and Petre’s work shows that social networks provide fertile ground for spammers to try more sophisticated forms of manipulation. Liszka says, “If we don’t get up on the psychology aspect, we’re going to start losing ground again.”

1 comment. Share your thoughts »

Credit: BitDefender

Tagged: Communications, Web, security, Facebook, social networks, malware, spam, phishing, Internet crime

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me