Will Social Media be the end of spam or a new beginning?

As Mark Zuckerberg announced Facebook’s new messaging service, he claimed that it would catch spam and unwanted messages thanks to the ‘Social Inbox’ feature. Knowing who your friends are can help to block unwanted messages from people you don’t know. However, automated spam detection might not be the biggest problem anymore in the fight against spammers. As The Economist reports in its November 18th issue, spammers have found new strategies to keep their ‘business’ alive and profitable [1]. Social media such as Facebook and Twitter might very well be their next target in the search for a new business model.

Data from Cisco shows that the need for an updated business model is becoming more urgent as classic spam-fighting techniques have grown better and more sophisticated. A recent report shows that today online-security firms are able to filter out almost 98% of spam messages. This is done mainly by advanced ‘document analysis’ techniques like the ones discussed in the 202 lectures. These algorithms search messages for words and phrases commonly known to be used in spam messages. Additionally, addresses and domains known to send out high volumes of spam messages are blacklisted. Governments have also stepped up their spam-fighting efforts by shutting down spammer organizations and scrutinizing the sales of domains more closely to prevent spammers from buying large amounts of foreign domains.

Now that traditional information retrieval techniques are capable of fighting off such a large amount of spam messages, spammers try to circumvent these measures using various strategies exploiting social media and social networks.

One of these strategies, known as social engineering, can seriously undermine the spam-fighting capabilities of Facebook’s new Social Inbox. Spammers fake online identities by creating fake Facebook profiles and start adding new ‘friends’ to that profile. Research suggests that a large number of Facebook users accept friend requests from unknown people, even more so if the unknown profile has a (preferably female) profile picture [2]. Once the ‘friend’ network has been built, it is relatively easy to trick people into clicking on links, and it becomes possible to send messages to their supposedly safe Social Inbox.

Another strategy tries to exploit the weaknesses of the information retrieval techniques used to filter spam by using short message services such as Twitter. Tweets bring two challenges to traditional IR techniques when filtering spam. One is the fact that tweets are by definition limited to 140 characters and therefore inherently hard to filter based on traditional spam stop words or phrases, simply because they don’t contain a lot of words, let alone phrases. The other, potentially even more serious threat, is the use of shortened URLs to reduce the number of characters used by links in a tweet. It is very hard to tell where a shortened URL is pointing, which makes them hard to filter by both computers and humans. These and other strategies have led to an estimated 8% of spam URL tweets [3], although Twitter’s official estimate is still about 1%.
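
To make the two challenges concrete from the filter's side, here is an added example (not from the article or its sources): a keyword-plus-blacklist filter that catches a classic spam e-mail, passes a short tweet with a shortened link, and catches the tweet once links are expanded before the blacklist check. The term list, domains, messages and the `REDIRECTS` table (an offline stand-in for following HTTP redirects) are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample data (assumptions, not taken from the article).
SPAM_TERMS = {"lottery", "winner", "free", "pills"}
BLACKLISTED_DOMAINS = {"cheap-pills.example"}
# Offline stand-in for HTTP redirects: each URL maps to its next hop.
REDIRECTS = {
    "http://short.example/a1": "http://hop.example/r?id=7",
    "http://hop.example/r?id=7": "http://cheap-pills.example/buy",
}
EMAIL = "You are a lottery winner! Claim free pills at http://cheap-pills.example/buy"
TWEET = "lol check this out http://short.example/a1"

URL_RE = re.compile(r"https?://\S+")

def keyword_hits(text):
    """Count known spam terms in the message body, ignoring URLs."""
    words = re.findall(r"[a-z]+", URL_RE.sub(" ", text.lower()))
    return sum(w in SPAM_TERMS for w in words)

def resolve(url, max_hops=5):
    """Follow the redirect chain to its end, bounded to avoid loops."""
    seen = set()
    for _ in range(max_hops):
        if url in seen or url not in REDIRECTS:
            break
        seen.add(url)
        url = REDIRECTS[url]
    return url

def domain_blacklisted(url):
    """True if the URL's host is a blacklisted domain or a subdomain of one."""
    host = urlparse(url).hostname or ""
    return any(host == d or host.endswith("." + d) for d in BLACKLISTED_DOMAINS)

def classify(text, min_hits=2, expand_links=False):
    """Flag on enough spam terms, or on any link to a blacklisted domain."""
    if keyword_hits(text) >= min_hits:
        return "spam"
    for url in URL_RE.findall(text):
        target = resolve(url) if expand_links else url
        if domain_blacklisted(target):
            return "spam"
    return "ham"

if __name__ == "__main__":
    print("email:", classify(EMAIL))
    print("tweet, links as written:", classify(TWEET))
    print("tweet, links expanded:", classify(TWEET, expand_links=True))
```

The tweet contains no spam terms and its visible domain is not blacklisted, so only the expanded destination gives the filter anything to match.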

  1. http://www.economist.com/node/17519964
  2. http://download.bitdefender.com/resources/files/Main/file/fb-another_breach_in_the_wall.pdf
  3. http://portal.acm.org/citation.cfm?id=1866307.1866311 and http://www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2793/2431