Social Engineering in Twitter Spam

October 15, 2008

NB: I hope that this doesn’t lead to an uptick of this type of twitter spam. But I think educating the non-spammers is more important.

Ok, I thought I’d write a new bloggeries about using social engineering to game twitter. Let’s start by covering some basics that many of you know. The best people to follow on twitter often have more followers than those they are following.

It’s basic economics: unless you’re a superstar like @WayneSutton or @GaryVee, you just can’t handle all the noise it generates. Even though reciprocation is the nice thing to do, I can understand when a big name doesn’t follow me. This leads to easily identifiable patterns: spammers are often following 1000s of people and have followers numbering in the 10s or low 100s. When I get followed by one of these chaps I quickly block them. Update: @EmailKarma pointed out that I should just go with d spam @spammer.

Now when I get a follow from someone who has 734 followers, yet only follows 65 people, then it would seem that this is someone that people are happy to follow, even if she isn’t reciprocating. So to me, this is an early sign that this person is good. And let’s be honest, it strokes your ego a bit. Here is someone that many people follow, but who clearly is more selective in their following, and she chose me!

But here’s the rub: if I look at the tweets, they look a bit spammy. Hmm. Click on the “following” link and the people there look reputable; I even recognize a few. Now just wait a few minutes and reload the page. Now an entirely new crop of people is in there.

The trick here is that they are using the API to follow people, then slowly unfollow them after a period of time. Since twitter sends follow notices, but no unfollow notices, you don’t realize they are no longer following you. This is a fantastic way to socially game people as well as avoid the spammy ratio that makes you look like an obvious spammer.

Pretty smart, and pretty annoying. This is something that I’m not entirely sure I’ve run into in the wild, but if I haven’t, I’m sure I will soon.
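One way to catch this pattern, added here as an example and not code from the original post: capture an account's following list a few times and measure how much of it turns over between captures. The `Snapshot` type, the thresholds and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    followers: int        # follower count when the profile was captured
    following: frozenset  # accounts the profile followed at that moment

def obvious_ratio(snap, min_following=1000, max_followers=300):
    # The easy pattern: follows 1000s, followed by 10s or low 100s.
    # Both cut-offs are assumed values, tune them to your own data.
    return len(snap.following) >= min_following and snap.followers <= max_followers

def churn(prev, curr):
    # Share of the earlier following list that is gone in the later capture.
    if not prev.following:
        return 0.0
    return len(prev.following - curr.following) / len(prev.following)

def classify(snapshots, churn_threshold=0.5):
    # snapshots: captures of one profile, oldest first.
    if obvious_ratio(snapshots[-1]):
        return "obvious-ratio"
    rates = [churn(a, b) for a, b in zip(snapshots, snapshots[1:])]
    # A healthy-looking ratio with a following list that keeps being
    # replaced is the follow-then-unfollow trick.
    if rates and sum(rates) / len(rates) >= churn_threshold:
        return "follow-churn"
    return "ok"

def names(start, count):
    # Helper that builds constructed account names for the sample data.
    return frozenset(f"user{i}" for i in range(start, start + count))

# Constructed sample data, not real accounts.
CHURNER = [Snapshot(734, names(0, 65)),
           Snapshot(734, names(60, 65)),
           Snapshot(734, names(120, 65))]
STABLE = [Snapshot(734, names(0, 65)), Snapshot(740, names(1, 65))]
OBVIOUS = [Snapshot(40, names(0, 2000))]

if __name__ == "__main__":
    for label, history in (("churner", CHURNER), ("stable", STABLE), ("obvious", OBVIOUS)):
        print(label, classify(history))
```

The churner keeps the same 734/65 counts in every capture, so only comparing the membership of the list exposes it.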

  • http://www.emailkarma.net Matt

    Adam,

    Don’t forget that you can now report these to Twitter by following and sending a direct message to “spam” (d spam @username) or http://www.twitter.com/spam

    Many of the accounts I’ve reported to them get shut down within 12 hrs… 24 on the outside.

    Cheers,

    Matt
    @emailkarma

    Thanks Matt, I actually had heard that offhand, but hadn’t really known the deal with it. I’ll start doing that for sure now.