Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=240146149
In a whitepaper released in December, "Prevent Social Spam and Fraud from Sabotaging Your Brand," Impermium and TeleSign describe the many types of social threats, including:
-- Account hijacking. Spammers hijack users' personal accounts by stealing social login information.
-- Registration fraud. Fake accounts are registered, often in huge numbers, by bots.
[ Even Twitter can be risky. Read Twitter Direct Messages Disguise Trojan App Attack. ]
-- Malware spam. Social spam often exists in embedded links attached to photos and other content, often lurking in personalized messages that make it seem like the content is coming from a friend or follower.
-- Comment spam. Spammers use the sharing features on social sites to share messages, often including links to malicious content.
-- Life jacking. Spammers entice users to click on images that appear as though the users' friends clicked the Like buttons associated with the images, thereby recommending them.
-- Malware placement. Hackers create false profiles and then friend people from the profiles. Once a hacker's new friend clicks on a questionable link, spam can be propagated to other friends in that user's network.
-- Third-party apps. Malware can be embedded in third-party apps that, when installed, give hackers control of users' computers.
Impermium estimates that spammers comprise as much as 40% of all social media accounts, and up to 8% of social media messages sent -- about twice the volume seen six months ago.
According to the whitepaper, the consequences for companies doing any kind of business on public-facing social networks such as Twitter and Facebook include lost users, as legitimate users grow frustrated with growing security threats; damaged reputation; untrustworthy analytics, as fraudulent activity makes it difficult to quantify how many users are real; lost ad revenue; and polluted search results.
"The problem for the actual social media property is that they end up with a lot of accounts that aren't legitimate," Dean Nicolls, Telesign's VP of marketing, told The BrainYard. "This is a problem if you're, say, reporting out false numbers for your advertisers." Of course, this is also a problem if you are the advertiser whose campaigns, financials and forecasts are based on inaccurate information.
Impermium and TeleSign contend, and explain in the whitepaper, that traditional forms of user authentication, such as captcha, are outdated and ineffective. "Computers have gotten so powerful, and everything is so connected, that there's no way traditional user names and passwords can suffice for authentication," said Impermium CEO Mark Risher.
Impermium and TeleSign are promoting a three-pronged solution: Shut the front door (verify new accounts); clean house (use automated spam-cleansing tools); and close the back door (validate key account changes, such as password resets).
TeleSign offers a service whereby users are verified by phone when registrations are deemed risky. Users are prompted to provide a phone number at account registration; the site sends a one-time verification code to that phone; and users enter the verification code onto the website. This, says Nicolls, filters out any automated systems and many bad actors. He admits that such extra steps do cause some "friction" with legitimate users, but he believes that people are becoming more aware of the growing online threats and more tolerant -- and even appreciative -- of these and other protections.
Security issues have plagued the Internet social scene since the earliest bulletin boards and chat rooms, said security consultant and Dark Reading contributor Brad Causey. "The major difference now is that businesses and users are beginning to integrate their lives more deeply into social media," he said. "Purchasing decisions, marketing budgets and even financial transactions are commonplace within the web of social media sites.
"In reality, social media sites are as much a wild-West marketplace as they are a place to meet and socialize," said Causey. A more-cautious stance will benefit consumers and businesses alike, he said. "The idea of what TeleSign and Impermium are working on could save companies millions of dollars, and significantly reduce the spam that is so often seen today in the social media scene."
How is spam and social malware in general affecting your business? You, personally? Please let us know in the comments section below.
Follow Deb Donston-Miller on Twitter at @debdonston.
Attend Interop Las Vegas May 6-10, and be the first to create an action plan to incorporate the latest transformative technologies into your IT infrastructure. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology solutions. Register for Interop today!