Not to make you all paranoid, but self-described “spam czar” Mark Risher has a serious question for anyone relying heavily on social networks for personal or professional reasons: How much can you really trust them?
While most people have been trained to ignore questionable links or phishing notes sent via email, they feel secure within popular cyber-hangouts like Facebook, LinkedIn, Twitter or Pinterest and on many media Web sites — making them easy prey for spam scams perpetrated by bad guys posing as friends, fans or followers.
Be honest: if someone you trust sends you a link telling you to look at a video or a photo, aren’t you likely to click on it?
“I realized that every Web site, every company that has a Web presence was increasingly contending with these sophisticated attacks. As innocent people, good people like you and me and your readers, move to new ways to communicate online, as we move to the social Web, so too are the bad guys moving there as well,” said Risher, co-founder of anti-spam company Impermium, in a recent phone interview with SmartPlanet.
This isn’t just one guy’s self-interested observation. Documented attacks on social platforms and other consumer-facing Web sites have been on the rise in the form of malware distributed via fake links, fraudulent registrations, account takeovers and the like.
For example, recent data from security company Barracuda Labs estimates that one in four people using Facebook or MySpace have received a virus or malware, often something posted to their public wall. In August, different statistics pointed up an enormous spike in fake Twitter accounts – which are often used to help beef up the follower numbers for other Tweeps, making them look bigger than they actually are.
Things have gotten so bad that social spam is actually listed as a material corporate risk in the securities filings that Facebook submitted when it went public — almost one-third of its employees are responsible in some way for helping fight this menace.
All this points to a market eager for the services of Risher’s two-year-old startup company from Redwood City, Calif., Impermium, which is working with Internet companies on technologies that help detect and eradicate social spam attacks.
The former Yahoo! executive left his post there, where he worked on eradicating email spam, to start Impermium because he felt that this evolving problem was better solved by an independent company that could apply the solution across many different sites. So far, his idea has been validated with $9 million in venture capital from firms including Accel Partners, Highland Capital Partners and Greylock Partners.
Impermium’s service detects social spam patterns and trends that could pose a danger to consumer-facing Internet properties. It integrates into Web sites, providing a real-time analysis of content being posted and alerting site owners if something looks suspicious. What happens after an alert depends on the site’s policy. For example, the content could be blocked or reviewed for legal purposes. A warning might also be sent to the person attempting to post it.
“What we do is similar to how disease outbreaks are handled,” Risher said. “When an organization like [World Health Organization] sees that there is a particular strain of influenza documented somewhere in the world, it spreads information to all the hospitals around the planet to help protect all those people there. Working outside of Yahoo! gave us the opportunity to work with many different portals, many different social networks, news publishers and media sites.”
Risher is cagey about naming clients that rely on Impermium’s warnings, but the high-profile logos flashing along the bottom of the company’s home page include The Washington Post, ESPN, Tumblr, American Idol and Pinterest. The technology is also integrated with a number of Internet commenting platforms including Disqus, Echo, Livefyre and Squarespace, Risher said.
The rationale for investing in Impermium is easy to understand. When site visitors continually see irrelevant, spammy comments on a Web site, or are subjected to offensive attacks as a result of visiting it, it reflects poorly on the company.
Not only do both of these things undermine the credibility of legitimate interaction, but they could also open visitors to more malicious attacks, which could in turn lead advertisers to pull their support from a Web property. Spammy sites could also find themselves ranking lower in search engine results over time.
“We as users don’t like engaging in conversations that are malicious, that are disruptive, that are hateful, that are full of unwanted and dangerous traffic,” Risher said.
In his two years of fighting social spam, Risher has yet to come across a Web site that isn’t vulnerable to some degree, whether or not its owners actually realize it. Some of them have taken a draconian approach to this, shutting off all participatory content, he said. The majority are trying to filter spam in some manner — perhaps by requiring registration to submit comments — but right now these methods are like using paper towels to mop up an overflowing kitchen sink while the water is still running.
So, I had to ask: Has Risher ever clicked on a nefarious social media link? Not yet, but he admits to being tempted regularly.
“This is embarrassing, because it is my career, but I have come very close to getting caught on numerous occasions,” he said. “Just this week, I received a direct message just to me that seemed plausible, something that had just the right amount of personalization, looked like it was from somebody I should know and seemed tantalizing.”
So far, Risher has always stopped himself just in time. Can you say the same?