Buying Twitter followers is standard practice for celebrities, politicians, startups, and even so-called social media experts who want to boost their online Q Score.
So it shouldn’t be surprising that hackers have noticed this market opportunity and are building a formidable underground business automating the creation, and selling, of phony Twitter followers.
Fake Twitter accounts are nothing new, but the practice is being refined all the time. Rather than make up people, attackers are taking established Twitter users and duplicating their accounts. The authenticity of the phony accounts is crucial in order to keep these fake accounts live and keep Twitter’s fraud detection capabilities from catching them and turning off the accounts.
“They’re stealing names and appending numbers or letters to your name, copying your profile photo, your bio, your location and start sending out tweets,” said Paul Judge, vice president and chief research officer at Barracuda Networks. “They’re stealing identities and make fake accounts that let them blend in better and seem more credible. They send out these links and someone sees the name, sees the picture and believes it’s you. They’ve stolen trust in you and your reputation by sending out links.”
Barracuda has done noteworthy research on the Twitter underground in the past, and Judge says the evolution of the market is extraordinary, in particular noting that more than 60 percent of new fake accounts being created are using the tactic of duplicating legitimate existing accounts and get better click-through rates on the malicious links they send out.
“There are a few monetization techniques. They’re doing everything from links sending users to sites hosting Web exploit kits to sending links to spam sites hosting affiliate ads, or using the same accounts to sell you fake followers,” Judge said. “They’ve diversified income stream. We’re seeing the same fake account being used for all three.”
Right now, Barracuda research points out there are 52 eBay sellers soliciting phony Twitter followers at an average of $11 per 1,000 fake accounts. That is translating to more than 52,000 followers for each entity buying fake accounts, Barracuda said.
“They’re becoming so profitable in being able to sell these accounts as ‘Fake Followers,’ that the side effect is they’re able to make money without necessarily causing harm,” Judge said. “To some degree, it’s taking some of their attention away from spreading malicious links.”
While Judge said Barracuda doesn’t have good visibility into click-through rates, they do get an indication of profitability from the phony accounts that are used to sell fake followers.
“When you look at a fake account being used to sell itself as a follower, one simple measure of how much business they’re getting is how many accounts they are following; those are their customers,” Judge said. “One thing we’re able to do, for each army of fake accounts, we’re able to look at how many people they’re following, look at the number of unique people they’re following and gauge the level of business they’re having. For some of these, we’re able to see based on the amount they charge per follower, these businesses are generating $20,000 to $30,000 per month on the side of the business just selling fake followers.”
The entire operation is automated, from the quality of the websites they’re using (easy click-to-pay, slick designs) to the scripting that builds armies of fake followers.
“From the APIs Twitter provides, it’s so easy to script interactions with Twitter’s websites, it’s one of the things that made this grow so quickly,” Judge said. “The ease of which you can become a member and start tweeting, it’s a low barrier that makes it so easy for attackers to take advantage of it versus other social networks that are more complicated.”
Judge said more than 90 percent of the tweets are automated and sent through the Twitter website, which is actually a giveaway that something is amiss given that legitimate users send most of their tweets through mobile applications or third-party clients.
“Look at fake ones, there’s a much higher proportion through Twitter’s websites because it’s all scripted,” Judge said. “We’re also able to see different bursts during the day. You’ll often see an account that doesn’t tweet all day and then see minutes where there are tweets and then it disappears for the rest of the day.”
The problem for businesses and consumers, however is that social networks are often the first measure of a businesses or person’s reputation and trustworthiness. That’s what makes this such an appealing avenue for hackers to exploit.
“The disconnect is that the average person things that social media is a measure of popularity, when in reality, all you did was spend $11 for your followers.It’s the equivalent of buying a Zagat review or a five-star rating,” Judge said. “You’re buying accreditation.”