Anyone who has spent any significant time on social media will have seen postings which appear to serve no purpose other than the collection of likes, comments and shares (Figure 1). Many of these postings utilise a range of techniques - including the use of a range of emotional hooks - to encourage users to engage with them. Whilst some of these can be taken at face value, and others appear nothing more than harmless fun, significant numbers of these postings may well comprise part of an initiative to build popularity for content which is intended for fraudulent use.
Figure 1: Examples of social media postings designed to elicit user interactions (likes (top two), comments (middle two), shares (bottom two))
When users interact with any such post, no "magic" happens other than the apparent popularity of the content being increased. It is unusual that users will remove a 'like' once it has been added - indeed, in many cases, they may additionally post a comment that the content "does not work" - and in doing so, are further fulfilling the objectives of the potential scammers.
As a posting attracts large numbers of user interactions - through the process which is known as 'like-farming'[1] - it becomes a tradable commodity in its own right. It also provides the owner of the posting with lists of active users who can further be targeted with content. Numerous platforms exist where these popular postings (or the accounts behind them) are bought and sold for advertising purposes (Figure 2). This provides revenue for both the owners of the accounts and the operators of the platforms facilitating this trade - whomever they may be. It can then become a simple matter to edit the content of the posting to advertise whatever content the new owner is wishing to promote, whilst retaining the original user interactions[2]. At this point, the actual content of any comments is largely irrelevant - the social media platform will, in many cases, simply see the posting as a popular piece of content, and will serve it up to users in feeds of suggested material of interest. A similar principle applies to new postings made from popular accounts. Content can often also have its exposure further boosted as 'promoted' postings through payments to the social-media platform.
Figure 2: Examples of websites offering the trade of social media accounts
At this point, the advertised content can fall into any of the categories of the most dangerous or unsavoury material on the Internet - the sale of counterfeit goods, financial trading scams, adult- or gambling content, malware distribution, amongst others. It is also well established that - apart from the most obvious risks associated with these types of material - much of the most egregious content online is associated with the funding of organised criminal groups[3]. In many cases, trusted brands will be targeted within such content - perhaps through the sale of infringing versions of their goods, or through false claims of affiliation or endorsement. The process of monitoring text and imagery within social media postings for the inclusion of branded IP is a core element of any holistic brand-protection programme.
These schemes share a number of similarities with the older familiar types of 'clickbait'[4], which aims to drive revenue through click-through payments and advertising, and are also closely related to the sinister spread of misinformation in the modern Internet world.
And from a user's point of view, perhaps the key take-away is to think again before clicking 'like' or 'share'.
References
[1] https://www.malwarebytes.com/blog/news/2019/04/explained-like-farming
[4] https://davidbarnettbrandprotection.blogspot.com/2017/07/one-weird-trick-to-steal-your-money.html
This article was first published on 27 October 2023 at:
No comments:
Post a Comment