In order to reach high scores, social entertainment applications require users to gather a considerable number of friends and supporters to play the same game, leading to player-development of social gaming channels, groups and fan pages to facilitate player interaction.
Spammers and phishers exploit the increasing trend of social gaming with fake profiles and bots that send spam messages to groups, as a BitDefender case study shows.
Unlike the regular social networking spam, when the users are enticed to add the spammer in their circle of friends, the social gaming-related phony profiles are willingly added by the users as an immediate consequence of their interest in enlarging the supportive players’ community. This makes it almost impossible for the bogus accounts to be automatically suspended, since the spammers’ action does not constitute an abuse.
The study also demonstrates that the most successful fake accounts are those miming real profiles, which hold plenty of details and pictures of the “user.” In an acceptance experiment, BitDefender researchers created three honeypot profiles – one without any picture and holding few details, another with an image and limited information and a third with a large amount of data and photos. All three profiles where subscribed to general interest groups.
One hour after adding people to each profile, the circle of friends enlarged with 23 connections for the first profile, 47 for the second profile and 53 for the third profile.
After joining social games groups, the volume of users willing to add unknown people drastically increased. Within 24 hours, 85 users accepted a request from the first profile, 108 from the second and 111 from the third.
“Users are more likely to accept spammers in their friends list when they are in a social network than in any other online communication environment,” said George Petre, BitDefender threat intelligence team leader and author of the case study.
The security implications are numerous, ranging from the consolidation and increase of the spamming power, data and ID theft, accounts hijacking to malware dissemination. A shortened URL posted without any explanation on each honeypot profile was followed by 24 percent of the friends from the three accounts, even if they did not know who posted it and where was going.