If you’re like most Internet users, then you probably share your email address on forums, social media threads and other sites that you trust without giving it a second thought. After all, even if you get a few pieces of junk mail in the process, it’s not like you have to read them. Unfortunately, spam isn’t just unwanted mail. Sometimes, there are viruses and other malware lurking behind that ridiculous plea from the prince of Nigeria. Businesses aren’t the only ones sending you hordes of junk mail, either. Cybercriminals use spambots to generate tons of scheme-laden spam, which you might be tempted to click on before you even realize what’s happening.
What is a spambot? TechTarget.com defines a spambot as follows:
A spambot is a program designed to collect, or harvest, e-mail addresses from the Internet in order to build mailing lists for sending unsolicited e-mail, also known as spam. A spambot can gather e-mail addresses from Web sites, newsgroups, special-interest group (SIG) postings, and chat-room conversations. Because e-mail addresses have a distinctive format, spambots are easy to write.
TechTarget also points out that the term “spambot” can be used to describe a program that filters out spam messages, but this isn’t common. A program that prevents spam from reaching your inbox is more typically referred to as a spam filter, which is one way to reduce the instance of spambot messages. Spambots aren’t just used to harass and annoy you while you’re checking your mail. The Internet offers a bevy of opportunities for spammers to perpetrate their schemes.
With more sophisticated techniques and more dedicated cybercriminals backing the operation, spambots offer lucrative potential for those bent on stealing information. From social media sites to your regular inbox, spambots pose a threat to your online browsing habits whether you click on those emails from the Nigerian prince or not.
What’s the point of a spambot?
Microblogging site Twitter, which depends on a constantly growing user base to generate sales from ads, admitted in August 2015 that a surprising portion of its active account base is actually from bots – 14 percent, in fact, or more than 23 million. In Twitter’s case, not every bot account is spam. Some automated tweets are designed to post on specific topics at regular intervals, but about 5 percent of those 23 million automated accounts are spambots. For a service that counts on real, live humans tweeting about things that matter to them, spambots not only interfere with user experience but with sales as well.
Rob Dubbin, writer for satirical news broadcast The Colbert Report, posted a lengthy explanation of Twitter bot creation in 2013, noting that Google had temporarily shut down his own email account when he received thousands of Twitter notifications after one of his bots went viral. In the post, Dubbin outlines some of the key draws and drawbacks to automated posts:
- Entertainment: Used for satirical or humor purposes, bots offer an entertaining break from the mundane postings about your friends’ favorite breakfast nooks or political rants about the next election. Creative writers can generate bots that are clever or that represent popular jokes.
- Adaptability: Bots can be tailored to fit specific purposes, such as increasing awareness for certain topics or generating positive feedback for broadcast networks.
- Influence: Social media accounts of famous, influential or popular entities might use bots to garner more interest. The bigger the audience and the wider the pool of followers, the more reach a bot has for generating positive responses. Influence can also be a negative when it comes to spambots. Larger targets mean larger profits for cybercriminals.
- User experience: Bots can entertain, but they can also clog up the feeds of social networking sites like Twitter, Instagram and Facebook. User experience is a two-sided coin that can flip in an instant.
Automated posts or regular bots have their place among social networking sites. Spambots don’t. One popular use for spambots is fake “likes,” comments and more – techniques used to drive traffic to a brand, typically a shady one, or to dupe followers into falling for various scams. A 2012 study found that nearly 30 percent of Barack Obama’s Twitter followers weren’t real people. About 22 percent of Mitt Romney’s were fake as well. It’s easy to see why spammers would target high-profile accounts. The more people like and follow a particular entity, the more likely it is that cybercriminals can trick people into shelling out cash or granting access to personally identifiable information – like credit card info, home addresses, phone numbers and income.
There’s been an increase in instances of bought-and-paid-for popularity. Spambots exist not only to generate false advertisements but to generate real sales for fake products, scams, fraudulent activity and other cybercrime. It’s surprisingly easy to buy into the spambot scheme. Even those with little to no coding knowledge can generate fake accounts.
In 2014, a study by UC San Diego found that a good spambot email campaign could generate about $7,000 per day. All it takes is a very small percentage of unwitting participants. Of the 1.7 million spam emails sent in the study, about 24 percent of them reached the targeted inboxes, and just .02 percent of recipients actually clicked on the links within. Even fewer made a purchase, which averaged about $100 per transaction. That means that only 70 people had to fall for the scam in order to generate a tidy sum for the spammers.
How do spambots affect the Internet population?
Aside from sending annoying messages, spambots can actually cause damage to a company’s reputation and dupe unsuspecting consumers into spending unnecessary cash. These scams aren’t new, but they are evolving. In 2013, users on the dating app Grindr noticed a sharp increase in the number of spambots posing as would-be hookups.
Grindr’s original setup did not require users to enter email addresses or verify accounts, making it a prime target for scammers a world away. These scam artists used spambots to generate hundreds of fake profiles in an effort to steal credit card information. Worse, spammers figured out how to bypass the app’s spam blocker as well as users’ own ability to block spam content.
After the boon in spam traffic, the site updated its policy to require email addresses, a technique that competitor apps had been doing since the start. But Grindr wasn’t alone in its influx of spambots. Tinder, another dating app, has also seen an increase in the number of phishing messages over the last two years. In 2013 and again in 2015, users complained that the app was being taken over by spambots.
The company claimed to be working on a solution to the spam problem, but users remained dissatisfied. Dating apps in particular are more prone to spam activity, partly because users are more willing to part with their personal and financial information and partly because the security features are less developed on these apps than they are on other social networking sites.
But it’s not just dating sites that suffer from spambot takeovers. In February 2015, spambots hijacked the Twitter account of Anthony Noto, chief financial officer of the company. At the time of the takeover, Noto had over 13,000 followers. Spambots are used to trick as many people as possible into clicking on dubious links to fraudulent services. These programs depend on broad reach to generate the most income, which makes high-profile people and businesses ideal targets. But spammers also target the little guy – because the “little guy” is what makes up the majority of the Internet.
What can we do about spambots?
Unfortunately, there’s no real way to stop spambots for good or to eradicate them altogether. Spam is a part of life on the Internet just as junk mail is a part of life in the real world. You can, however, prevent as much of it as possible from reaching your inbox, social networking feed and website by taking appropriate precautions. For businesses, there are a few in-depth techniques for reducing junk mail. For individuals, the following tips could help you cut down on the spam traffic:
- Keep your email address private. If you frequent forums and other boards online, don’t post your email address if you can avoid it. Many people think of email addresses as public information, but it doesn’t have to be. Only give your real email address out to businesses that actually need it, like your bank or utility company if you participate in online billing. Spambots can’t harvest your email address if it’s not available.
- Adjust your spam filter settings. Take some time to adjust your spam filter settings in your email server. You can control how much gets through, and you can also control which emails never get sent to spam. Retail store emails, for example, might automatically get thrown into your server’s junk or trash folder. Create a list of approved addresses that the spam filter won’t trap, and make sure you identify obvious instances of spam as trash so it gets sorted properly. You can set up your trash folder to automatically delete emails after a certain period, but use this option only if you’re confident in your spam filter’s ability to ignore legitimate mail.
- Ignore spam when it does show up. Spam messages aren’t always as obvious as incoherent pleas for sexual trysts or discounted Viagra. Sometimes, spammers are good at manipulating a subject line to make it look like a legitimate email. However, while spam filters do occasionally let legitimate mail through, chances are good that if the email lands in your junk folder, it’s probably not worth investigating any further. Ignore spam emails, plain and simple. When you click on junk mail, it lets spammers know that your address is live, which makes it sellable to other spammers. Plus, a real cybercriminal can track down scarily personal details about you just by verifying that your email address is legitimate – things like where you live, your phone number and the value of your home. If you see an email that gives you pause, trust your gut and click “delete.”
Businesses and individuals alike can also use a technique called “munging” to prevent spambots from harvesting email addresses. Munging is simply changing the way an email address appears to spambots while still allowing human readers to access the information.
For example, you may have seen something like this in a forum or on a website like Craigslist.com: janedoe AT examplesite DOT com. Jane Doe has listed her email address in such a way that you, as a reader, can interpret where the “@” and period symbols go, but a spambot wouldn’t be able to harvest it. This is just one way to mung your email address, and it’s fairly effective at stopping spambots.
You could also reserve one separate email for filling out forms online or learn ASCII characters to hide your email address if you have to give it out for any reason. In order to prevent spambots from lifting your information, it’s important to take proactive steps ahead of time to safeguard the data. Spam is an unfortunate consequence of the virtual world, and while you can’t do anything about the bots that troll social networking sites, there are ways to reduce the amount of junk that clutters up your personal inbox.