Social spam is unwanted spam content appearing on social networking services, social bookmarking sites,[1] and any website with user-generated content (comments, chat, etc.). It can be manifested in many ways, including bulk messages,[2] profanity, insults, hate speech, malicious links, fraudulent reviews, fake friends, and personally identifiable information.
As email spam filters became more effective, catching over 95% of these messages, spammers have moved to a new target – the social web.[3] Over 90% of social network users have experienced social spam in some form.[4] Those doing the “spamming” can be automated spambots/social bots, fake accounts, or real people.[5] Social spammers often capitalize on breaking news stories to plant malicious links or dominate the comment sections of websites with disruptive or offensive content.[6]
Social spam is on the rise, with analysts reporting over a tripling of social spam activity in six months.[7] It is estimated that up to 40% of all social user accounts are fake, depending on the site.[8] In August, 2012, Facebook admitted through its updated regulatory filing[9] that 8.7% of its 955 million active accounts were fake.[10]
Commercial spam is a comment that has commercial content irrelevant to the discussion at hand. Many of the old email spam content resurfaced on social networks, from Viagra ads, to work-from-home scams, to counterfeit merchandise. Recent analysis showed social spammers content preferences changing slightly, with apparel and sports accounting for 36% of all posts. Others included: porn and pills (16%), SEO/web development (23%), and mortgage loans (12%).[11]
Social networking spam is spam directed specifically at users of internet social networking services such as Google+, Facebook, Pinterest, LinkedIn, or MySpace. Experts estimate that as many as 40% of social network accounts are used for spam. These spammers can utilize the social network's search tools to target certain demographic segments, or use common fan pages or groups to send notes from fraudulent accounts. Such notes may include embedded links to pornographic or other product sites designed to sell something. In response to this, many social networks have included a "report spam/abuse" button or address to contact.[12] Spammers, however, frequently change their address from one throw-away account to another, and are thus hard to track.[13]
Facebook pages with pictures and text asking readers to e.g. "show your support" or "vote" are used to gather likes, comments and shares which improve the pages' ranking. The page is then slightly changed and sold for profit.[14] [15]
Bulk submissions are a set of comments repeated multiple times with the same or very similar text. These messages, also called as spam-bombs,[16] can come in the form of one spammer sending out duplicate messages to a group of people in a short period of time, or many active spam accounts simultaneously posting duplicate messages. Bulk messages can cause certain topics or hashtags to trend highly. For example, in 2009, a large number of spam accounts began simultaneously posting links to a website, causing ‘ajobwithgoogle’ to trend.
User-submitted comments that contain swear words or slurs are classified as profanity. Common techniques to circumvent censorship include “cloaking”, which works by using symbols and numbers in place of letters or inserting punctuation inside the word (for example, "w.o.r.d.s" instead of "words"). The words are still recognizable by the human eye, though are often missed by website monitors due to the misspelling.
User-submitted insults are comments that contain mildly or strongly insulting language against a specific person or persons. These comments range from mild name-calling to severe bullying. Online bullies often use insults in their interactions, referred to as cyberbullying. Hiding behind a screen name allows users to say mean, insulting comments with anonymity; these bullies rarely have to take responsibility for their comments and actions.[17]
User-submitted threats of violence are comments that contain mild or strong threats of physical violence against a person or group. In September 2012, Eric Yee was arrested for making threats in an ESPN comment section.[18] He started out discussing the high price of LeBron James shoes, but quickly turned into a stream of racist and insulting comments, and threats against children.[19] This is a more serious example of social spam.
User-submitted hate speech is a comment that contains strongly offensive content directed against people of a specific race, gender, sexual orientation, etc. According to a Council of Europe survey,[20] across the European Union, 78% of respondents had encountered hate speech online; 40% felt personally attacked or threatened; and 1 in 20 have posted hate speech themselves.
User-submitted comments can include malicious links that will inappropriately harm, mislead, or otherwise damage a user or computer. These links are most commonly found on video entertainment sites, such as YouTube.[21] When a user clicks on a malicious link, the result can include downloading malware to the user's device, directing the user to sites designed to steal personal information, drawing unaware users into participating in concealed advertising campaigns, and other harmful consequences.[22] Malware can be very dangerous to the user, and can manifest in several forms: viruses, worms, spyware, Trojan horses, or adware.[23]
Fraudulent reviews are reviews of a product or service from users that never actually used it, and therefore insincere or misleading. These are often solicited by the proprietor of the product or service, who contracts positive reviews, known as “reviews-for-hire”.[24] Some companies are attempting to tackle this problem by warning users that not all reviews are genuine.[25]
Fake friends occurs when several fake accounts connect or become “friends”. These users or spambots often try to gain credibility by following verified accounts, such as those for popular celebrities and public figures. If that account owner follows the spammer back, it legitimizes the spam account, enabling it to do more damage.[26]
User-submitted comments that inappropriately display full names, physical addresses, email addresses, phone numbers, or credit card numbers are considered leaks of personally identifiable information (PII).[27]