A Facebook spokesperson noted that only about 0.1 percent of Facebook wall posts analyzed in the study were spam, “which is striking when compared to similar reports that have been done on e-mail.” Multiple studies have reported that more than 90 percent of e-mails sent globally are spam.
“Overall fewer than 1 percent of all people who use Facebook have ever experienced a security issue, and that’s since Facebook’s founding more than six years ago,” the spokesperson added. “This study appears to confirm our success at stopping spam and helping people stay in control of their accounts.”
The patterns of activity discovered could, however, be used to fine-tune algorithms designed to automatically identify when an account has been taken over by spammers. One telling characteristic was the fact that compromised accounts generally sent most spam in the early hours of the morning (for that user’s time zone), presumably to reduce the chance of someone noticing that his account had been compromised. Another was that compromised accounts showed sudden bursts of high activity, something that could be used to accurately identify more than 90 percent of compromised accounts, the researchers showed.
While people have become relatively skilled at spotting the spam e-mail, few expect it on Facebook, potentially making it more successful. The researchers couldn’t show this to be the case, but researchers at antivirus software vendor BitDefender believe it is. “We did some experiments to see how much trust people place in others on Facebook,” says Catalin Cosoi, a researcher with the company. One experiment, in March, found that around a third of people who were sent a friend request from an account created by BitDefender for the purpose would accept it and that a quarter of those would click on a link sent by their new contact.
Another trial, in August, involved sending friend requests from profiles with photos of young women to 1,000 men and 1,000 women ranging from 17 to 65 years old. There was negligible difference between the two groups, but 92 percent of requests were accepted. “When it comes to social media, people feel that [Facebook] is a company that looks after security for them and that they are in a safe place where other users have good intentions,” says Cosoi.
The Northwestern study provides a valuable large-scale look at how spam functions inside Facebook, Cosoi says, although the spam detected still makes up a relatively small proportion of posts, and the company has since stepped up its security efforts. “Last year saw the appearance and spread of the Koobface worm, which was very successful,” he says. “I know that things have changed at Facebook since then.”
Outside researchers may not be able to repeat the study to see how spam strategies evolve, though. “With the removal of regional networks, it becomes harder to get crawled data in Facebook,” says Chen.
Corsoi is certain, however, that the network will attract more spammers, for the same reason it attracts advertisers. “They see an opportunity to do things that marketers have long dreamed of–being able to see the interests of people and target messages based on that.” That means users may have to become more suspicious of messages on the site.