Elgan: How spammers will poison your social graph

They wrecked e-mail, then they ruined search, and soon they'll go after your friends and family

Microsoft Chairman Bill Gates announced in 2004 that the problem of e-mail spam would be "solved" within two years.

Well, it wasn't. And it won't be, at least not anytime soon. The reason is that unscrupulous, shameless marketers who pursue a spam strategy evolve and adapt like a virus. As soon as you build a better spam filter, they figure out how to get around it.

As a result, e-mail long ago became a bad neighborhood. And now an increasing number of people, especially young people, avoid e-mail altogether.

Search has been similarly compromised, at least for some kinds of purchases. If you're looking to buy products that are easily counterfeited, or looking for, say, a hotel to stay in or other travel services, a regular search may favor "search spammers" -- shady companies that "game" the search engine to give advantage to their own offerings over better ones.

A particularly hideous case shocked readers of The New York Times recently. The paper told the story of a woman who searched the Web for a place to buy sunglasses and discovered a site called DecorMyEyes.com, which appeared fairly high in the search results.

Long story short: The owner of the company, Vitaly Borker, deliberately cultivated bad customer service, threatening the woman and even posing as her in a call to her credit card company when she tried to cancel her order. The reason is that on the Internet, there's no such thing as bad publicity. The more horrible Borker treated his customers, the more links his company got on Google. The more links it got, the more sales it made.

Because of publicity from the Times article, Borker was arrested and the site was "demoted". However, DecorMyEyes.com is still up and running and taking orders. And for every unscrupulous search spammer who gets caught, there may be hundreds who don't.

Another kind of "spam" occurs in open message boards, or in user-ranked content services like Digg. Some companies or organizations that want to "astro-turf" an opinion or idea may send legions of fans, employees or paid posters to overwhelm a topic with that point of view. One of the best known is the Chinese government's so-called 50 Cent Army, which involves thousands of people paid to post pro-Chinese Communist Party opinions on message boards and social media sites inside China and around the world.

The Chinese government's well-organized effort overshadows the more informal actions of many organizations that do something similar. Many large multinational corporations encourage employees to go out on the social networks and message boards and say nice things about the company's latest initiative. Some smaller companies use this technique as their main source of marketing.

As people increasingly discover that searching on the open Web can return untrustworthy results, they'll be more inclined to turn to their "social graph" -- the group of people with whom they are connected on Facebook, Twitter and other social sites.

In theory, and in reality at present, this makes a lot of sense. After all, if you can't trust your family and friends, who can you trust?

The major social networks and search engines are fueling the trend. Google and Bing offer limited results on some searches based on what your Twitter, Facebook or Buzz followers have posted. The idea is that if you're looking to buy something, your peer group or loved ones are both more relevant and more trusted.

And that's why your social graph is the next ripe target for shady marketers. As services increasingly enable you to search for things influenced by your social graph, spammer types will try to infiltrate your social group and sway the results. Here's how they'll do it:

1. Become your friend. If you're on Facebook, you may have already seen this happening. You get a "friend" request from a total stranger. Oftentimes these new "friends" are conspicuously attractive -- at least, according to their fake profile pictures. They may or may not engage you in flattering conversation. If you're inclined to friend strangers, you may get a half-dozen or more such new "friends" and they may all be the same person or same company. Then, all those "friends" start talking about, advocating, "Liking" or linking to a specific site or brand. Or, they may offer their "influence" to the highest bidder, in which case they may advocate a whole bunch of products. When you go searching your social graph, guess what a majority of your friends "recommend"?

2. Impersonate your friends. Another even more unscrupulous method is to impersonate your real friends. There are two basic ways to do this. First, they may befriend you as a stranger on more than one social network. Then they can see which of your actual friends are "friended" on one network but not the other. In those cases, they can pose as the missing friend. And, of course, you'll accept. The second method is to simply duplicate some of your friends. You might accept the request, believing that your friend is "starting over" or forgetting that you already have a connection.

3. Hack your account and friend themselves. Hackers employ a wide range of methods to hack into your various accounts. Phishing or, more reliably, guessing your password gets them in the door of a social network site posing as you. Once they're logged into your Facebook or other account, they can "friend" their own phony accounts while posing as you. If you have a lot of friends, you may not notice.

Illegitimate marketer-hackers will come up with other schemes to poison your social graph with shady "marketing."

The bottom line is that spamming is coming to the social networks. And they'll do it without your knowledge if they can, and without your permission if they must.

Mike Elgan writes about technology and tech culture. Contact and learn more about Mike at Elgan.com, or subscribe to his free e-mail newsletter, Mike's List.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies