A new paper released last week by researchers at the University of British Columbia, Vancouver (“The Socialbot Network: When Bots Socialize for Fame and Money”) has created a stir by highlighting social media sites’ vulnerability to infiltrations by socialbots. In an eight-week experiment, the UBC researchers deployed 102 socialbots on Facebook that were able to gain 250GB of personal information from over 1 million user profiles. What does this mean for the average Internet user? Your personal information is at risk every time you log on to a social media site. Here, we explain what a socialbot is and how you can protect yourself.
What is a Socialbot?
To know how to defend against these online enemies, you need to know what they are. As described by the paper’s authors, a socialbot is a computer software program that controls an account on a particular social network and has the ability to perform basic activities such as posting a message and sending a friend request. If a user accepts a socialbot’s friend request, the bot gains access to the individual’s information and contacts, which it will also try to befriend, and so on. Its success lies in its ability to mimic a human, making it a unique type of malware. The bots used in the experiment used profile photos taken from the website hotornot.com and generated fake status updates from the site iheartquotes.com, making them appear to be real people.
Cybercriminals can deploy socialbots to infiltrate social media sites for malicious purposes, usually to gain information for identity theft. The researchers’ bots obtained thousands of home and email addresses, birthdates, etc., all of which can be used to commit fraud. However, one of the unique skills of socialbots is that they can also do significant damage in the social sphere in the form of reputation defamation. As the researchers pointed out, social bots can be used to infiltrate social media sites to spread misinformation and propaganda.
Though social networks do have some safeguards in place, there are major flaws in the system—for example, the social bots in the study only sent out 25 friend requests a day, to stay under Facebook’s radar. In fact, the experiment proved Facebook’s security measures to be so ineffective that the socialbots had an 80 percent success rate of infiltration. In the absence of stronger security, it is up to social media users to be vigilant.
How to Protect Yourself
If you are an active user of social media sites, it is important to educate yourself and take the following steps to ensure you’re protecting yourself, as well as your online community.
Only friend people you know. A socialbot only has power if you give it to it. In the study, almost half of the friend requests sent out were accepted. You can avoid being victimized if you make sure you’re only adding contacts you know.
Don’t post personal information. Never post your home address, phone number, or financial information online—these can be used for ID theft. You should also assume that everything you post, including conversations, photos, etc. is permanent. Remember that your account can be vulnerable if a contact’s account is compromised. So if you would be uncomfortable with it being shared, don’t post it.
Report suspicious behavior. Be alert for suspicious activities or unusual online behavior from “friends.” Hackers can infiltrate friends’ accounts and spam their contacts list. If you are receiving peculiar messages or links encouraging you to click on them, report it (and contact your friend separately to let them know you think they might have been hacked). And if a stranger is repeatedly requesting friendship, flag, block, or report them.
Don’t share your contacts list when you join. When you sign up for most social networking sites, they ask if you’d like to invite your email list of contacts. Don’t approve this: The information can be exploited by hackers if your account is compromised.
Make sure you’re on the real site. Some phishing scams will send an email to you from your social networking site asking you to log in or verify some account information. When you click on the link, you’re directed to a fake site (which may look legit) that actually shares your username and password with cybercriminals.
Socialbots Threaten Social Media Users - ZoneAlarm Blog