You might think that bot accounts on social media are easy to spot. However, like almost all things automated, they’re improving rapidly – and they can pose big security risks if you happen to fall for them.
Firstly, what is a social media “bot”? In short, it’s an automated social media account that’s capable of posting and interacting without any direct human control. While you might have only encountered the spam-posting variety, the truth is that bots are an essential part of the online ecosystem.
They can help provide customer support, news and real-time updates, live tweets, and make life easier by scheduling repetitive tasks.
However, they have a dark side: bots can be used to skew the results of online polls, alter perceptions of online political discourse, manipulate product reviews and even spread malware.
In this article, we’ll focus on the last of these and give you some tips on spotting and avoiding the more nefarious types of malware-spreading and scammy social media bots.
The character limit on Twitter makes it imperative that bloated links are cut down to fit. However, this shortening can make it easy for links to hide their true destination – and with this can come ‘drive-by’ malware attacks.
Perhaps the most serious abuse of link-shortening came in 2009, when the Mickeyy Worm spread like wildfire through Twitter via a shortened Bit.ly link claiming to “remove” the worm. Thankfully, it fell short of actually compromising anyone’s data, but the possibility of taking over users’ accounts and turning them into makeshift Twitter spam bots remained concerningly real.
Cybercriminals often turn a profit with hordes of fake and hacked Twitter accounts, rigged to spread malware and mine information used for phishing attempts. Because shortened URLs hide the real destination, traditional security tips surrounding hyperlinks (such as “hovering before you click”) are often ineffective.
Figuring out the true link location is something that depends on the provider of the shortened link. Popular services such as Bit.ly, TinyURL and Goo.gl all provide safe ways to preview their links before committing to click. For more information, check out the University of Michigan’s handy guide to Shortened URL Security.
Avoid Bot Follower Services
If you’re thinking of boosting your social media follower count using bot services, think twice. Some bot scripters are in the ‘Pay for Follower’ business, promising thousands of followers for a fee.
Despite the claims that these are legitimate accounts, these ‘followers’ are often compromised and/or made up of completely fake accounts – bot armies, in other words.
Using these services can implicate your account in spam distribution or worse, causing a swift ban from Twitter. Even more worryingly, these services may never deliver on their promise and instead take your account details and leave you empty-handed. Buyer beware!
Watch Your Messages
By now, we’re mostly used to viewing our email inboxes with a degree of skepticism. Phishing, spam and many an unwanted advertisement have all trained us to click carefully.
Social media platforms include their own direct messaging functionality – which is often more private, but still open to the same kinds of misuse. Hijacked bot accounts can be used to send out direct messages, often with subject matter designed to confuse or concern. For example: “I found this video posted of you”, “Your friend has been hacked”, among other alarming statements followed by a shortened link.
These messages can even appear to be from people on your friend list – a duplicate account can easily be created and operated by bots, allowing further accounts to be hacked and taken over.
The most foolproof way to avoid this problem is to enable two-factor authentication on all of your social media accounts. Take a look at our guide for more benefits, as well as how-to links for each major social network.