Social networking sites are increasingly becoming a prime target for spammers - a point driven home recently by the massive $711 million judgment Facebook was awarded against the so-called "king of spam" Sanford Wallace.
Spam has been a staple of most email inboxes for years - and has made it increasingly difficult for legitimate marketers' messages to reach their intended audience. Its volumes have reached an all-time high, with spam comprising the vast majority of email.
Will SocNets Follow Email Down Spam Path?
Now, security experts worry social networking sites are on the same trajectory. If this happens, the burgeoning promise of social networks as a marketing platform could be crushed - or at least significantly scaled back - as users lose trust in their security.
Unfortunately, spammers are attracted to social networks for the same reasons marketers are: their growing popularity and the amount of activity that takes place on these sites.
CAN-SPAM to the Rescue
Facebook, for example, was apparently infiltrated by Sanford and two associates in order to send phone mail and posts to individuals' public walls, according to the social network. The site filed suit against Sanford and his associates in February; in March it received a temporary restraining order against the trio. Last month the US District Court in Northern California found them in violation of several laws, including the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM).
Sanford had pulled a similar stunt with MySpace a few years ago; Wallace and his partner allegedly took users' login information without their permission and then targeted their friends on the network with spam that linked to porn and gambling sites. He was successfully sued by MySpace, which was awarded $230 million in damages - the highest judgment made under CAN-SPAM at the time.
Despite such eye-popping fines, security experts report that spam and related malware activities on social networks are getting worse, and there is new malware designed specifically to target social media sites. Phishing messages that masquerade as social media notifications are also becoming increasingly common.
The Federal Bureau of Investigation outlined several of these strategies and techniques earlier this month.
For instance, spammers are sending messages that claim there has been a violation of the social networking site's terms of agreement or some other type of issue that needs to be resolved, the FBI warned. Others entice users to download an application or view a video. Oftentimes these messages - as in the traditional email format - appear to be sent from users' "friends", giving the perception of being legitimate. Fraudsters are also posting applications on social networking sites that appear to be legitimate, the FBI said, but in fact install malicious code or rogue anti-virus software.
More Indications of Severity
Another indicator of the severity of the spam problem comes from security firm Sophos, which found in a recent survey that one-quarter of companies surveyed have been exposed to spam, phishing or malware attacks via sites such as Twitter, Facebook, LinkedIn and
"What's needed is a period of introspection - for the big Web 2.0 companies to examine their systems and determine how, now they have gathered a huge number of members, they are going to protect them from virus writers, identity thieves, spammers and scammers," says Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over, and personally identifiable information is at risk as a result of constant attacks that the websites are simply not mature enough to protect against."
Authorities and security experts are not conceding defeat against spammers just yet. Recognizing that their reputations among users are at risk, sites such as Facebook and MySpace are stepping up monitoring and prosecution activities, such as those against the spam king.
State attorneys general are also focusing on the issue. In July, New York Attorney General Andrew M. Cuomo served the social networking site Tagged.com with formal notice that his office intends to sue the company for deceptive email marketing practices and invasion of privacy.
According to Cuomo’s notice of intent, Tagged devised an illegal plan to lure new members and artificially inflate traffic on its site. Consumers who visited Tagged were tricked into providing the company with access to their personal email contacts, which the company then used to send millions of promotional emails. Tagged disguised these solicitations to make them appear as if they were coming from a personal contact, when they were actually spam. Tagged denied the accusations in media accounts.
Burglars Prey on SocNet Users
And if spammers on social networks aren't enough, the users of such networks often bring about other risks themselves. A study by the UK insurer Legal and General found that social networkers are giving away vital information about themselves and their whereabouts that is potentially being used by professional burglars to establish a list of targets. In that study, Facebook was found to be the riskiest.