When I was the ‘spam czar’ at Yahoo, my team successfully fought off hundreds of billions of foul messages a week. We put machine learning to good use and did our jobs well: Our advanced systems were able to keep the vast majority of spam out of your inbox, and therefore, yesterday’s news.
Today, I’m 100% focused on an emerging spam war on a much larger front: the broader social web. And the downside potential is serious enough to impact the global economy in ways that were just not possible with email spam.
Social spam may not be in the everyday news headlines now, but just wait. Right now, thousands of web professionals at the most innovative Internet businesses are struggling to keep their servers running business as usual, and their customers free of the next attack.
If you talk to these people as much as I do, they’ll tell you that social spam is already ugly and getting worse. Many sites wrongly assume these are problems only affecting the web’s largest sites, when in fact, often the bad guys find sites much earlier than the good. Yet top executives of these sites still remain mostly ignorant of the dangers.
Why social spam is so threatening
The social web is a richer breeding ground for fraud than email ever was. Here are five reasons why it’s different this time, and why it’s going to become a global issue in the near future:
- Social spam is diverse. Despite covering roughly 300B messages per day, the email channel is relatively focused: one email is just like the next one, and the last major “innovation” in email was the advent of bold, italics, and underline in the 1990s. On the social web, however, a significant new medium is seemingly born every minute. Just think about the speed with which Twitter, Pinterest, and Instagram have come of age, and created tens of millions of end users all with new ways to communicate and new expectations around trust. Each new application creates a new channel for spammers and trolls to post malicious comment spam.
- Attacks happen lightning fast. Do you have a blog that allows user comments? Or a Facebook fan page? Or how about a Twitter feed on your web site? What if you came to work today and found all of these infiltrated by racist comments or porno ads? [see below]. Attacks can literally spring up overnight, drowning your site in offensive or abusive spam comments. Cleaning up spam comments by hand can take an eternity, with the site losing users all the while.
- Online crooks can start for just $2. These days, cybercriminals need only a few dollars to get started. A recent Forbes article illustrated the plummeting price of fake Twitter followers, now as cheap as $2 per thousand followers. Need a thousand email addresses? That can be bought for just $15. And what used to take significant programming knowledge can now be done by individuals with limited training using over-the-counter tools.
- I know what you did last summer. By this point, we’ve all developed a healthy degree of skepticism around “I am the most esteemed Oil Minister and hoping you for help with $100.00.000 inheritance.” But on the social web, perfect context is one hack away. If you see a Facebook comment that appears to come from a friend and is related to real, recent activity, “Jenny, here’s a pic from the concert last night; Click to download,” victims are much more likely to click on it.
- Sites will be responsible for bad content. As social spam continues to pollute the web, users will increasingly expect site owners to police the content of their sites. If a spammer or troll visits your site and uploads unwanted, malicious, or even illegal content, users will begin to call out site-owners for not properly monitoring user activity. Initially it won’t be about legal liability, but in the court of public opinion, can you afford to be a site operator who turns a blind eye to comment spam and bad users on your network?
As the number of bad guys rises, and the tools at their disposal grow ever more sophisticated, every site needs to consider how it will handle the inevitable onslaught of unwanted and abusive content. For the decision-makers at these websites, here are the big questions:
- Will you keep your head in the sand until the site is large enough to attract attacks, or will you take appropriate measures to build in protection before attacks begin in earnest?
- How committed is your in-house team to the ongoing arms race competing against the attackers?
- With visibility only into the attacks that have already happened on its own site, how well can a homegrown solution stand up to the fast-evolving attacks from today’s cyber-criminals?
- How much do you want to invest in training that team in abuse tactics, rather than focusing on improving the site for good users?
At Impermium, our experience says that to adequately defend your site, you must devote considerable effort not simply to responding to attacks, but to anticipating the next one. All too often, defensive efforts fail because they fixate on one attribute of an attack – the content, the rate, the country of origin – but ignore how the attacker will adjust to evade capture. These defenses may even do more harm than good, blocking legitimate usage while doing little to abate the bad. (See my series of posts on this, “When Social Web Spam Attacks,” Parts One and Two.)
Successful defenses require broad coverage to see attacks coming from afar, sensitive feature engineering to detect subtle changes in the attack, and a comprehensive user reputation to tie it all together. These inputs must then be united in a fast-acting system that can operate reliably at Internet scale.
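The contrast drawn above between a single-attribute defense and one that unites content, rate and user reputation can be made concrete. The following is an added illustration, not Impermium's system or code from the original post; the events are constructed, and every field name, weight and threshold is a hypothetical assumption.

```python
import re
from collections import Counter

# Constructed sample events (not real data): posts in the last minute,
# account age in days, and count of previously accepted posts.
EVENTS = [
    {"user": "liveblogger", "text": "Goal! 2-1 in the 88th minute", "rate": 9, "age": 900, "accepted": 4200},
    {"user": "acct_a1", "text": "Jenny, pic from the concert http://x.example/p", "rate": 1, "age": 0, "accepted": 0},
    {"user": "acct_a2", "text": "Jenny, pic from the concert http://x.example/q", "rate": 1, "age": 1, "accepted": 0},
    {"user": "acct_a3", "text": "Jenny, pic from the concert http://x.example/r", "rate": 2, "age": 0, "accepted": 0},
    {"user": "regular", "text": "Great post, thanks for sharing", "rate": 1, "age": 300, "accepted": 57},
]
RATE_LIMIT = 5  # hypothetical threshold for the single-attribute defense

def rate_only(events):
    """Single-attribute defense: block on posting rate alone."""
    return {e["user"] for e in events if e["rate"] > RATE_LIMIT}

def template(text):
    """Normalize a message so near-duplicates with rotated URLs collapse together."""
    return re.sub(r"https?://\S+", "<url>", text.lower()).strip()

def combined(events, threshold=2.0):
    """Score each event on content, rate and user reputation together."""
    # Broad view across accounts: distinct users posting the same template.
    users_per_template = Counter(
        tpl for tpl, _user in {(template(e["text"]), e["user"]) for e in events})
    blocked = set()
    for e in events:
        tpl = template(e["text"])
        score = 0.0
        if "<url>" in tpl:                      # content: carries a link
            score += 0.5
        if users_per_template[tpl] >= 3:        # content: same text, many accounts
            score += 1.5
        if e["rate"] > RATE_LIMIT:              # rate: one signal among several
            score += 1.0
        if e["age"] < 7 and e["accepted"] == 0: # reputation: no history yet
            score += 1.0
        if e["accepted"] > 50:                  # reputation: established good user
            score -= 2.0
        if score >= threshold:
            blocked.add(e["user"])
    return blocked
```

On this sample the rate-only rule blocks the legitimate high-volume poster and passes all three low-rate accounts posting the same lure, while the combined score does the reverse.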
The post 5 Reasons Why Social Spam Losses Will Dwarf Email Spam appeared first on Impermium.