Meshfire : Social Media Management Dashboard with AI

My ‘Favorite’ Twitter Spammers

Anyone who is an active Twitter user has probably experienced the new frontier of Twitter spam: mysterious users suddenly ‘favoriting’ your old tweets. Sometimes, you see this behavior three weeks or more after you sent the original tweet.

You know it must be spam of some kind. And usually, a quick examination of the sender reveals a link in their bio that they want you to click. Or, sometimes they rely on users who will follow an account that favorites a tweet, hoping to send a dangerous URL by direct message later on.

First of all, why use the ‘Favorite’ action for spam? Because it’s a click-generating tactic for black hats that has few downsides. From a self-described “black hat” site:

We are making a bot right now that will allow you to load in accounts, set delay, rotate accounts after every said amount with proxy support etc…

The beautiful thing about this….after some testing I have done with just 2000 favorites (took 2 days on 1 account) the accounts get about 10 followers per thousand with tons of hits from your profile url…..and it doesn’t look spammy (having 2,000 followers and 25 following back like TA) and the account is still live.

Nobody knows how many times you have favorited something.

This is going to be sweet.

Name Redacted

Unlike the older methods of “mention spam,” favoriting a tweet leaves no evidence in the spammer’s timeline for users to spot, and unless they overrun the limits that Twitter imposes (a very generous 1,000 favorites per account per day), they can stay under the radar long enough to achieve their goals: hits on links and follows from unsuspecting users. With even a few dozen accounts (too few probably to cause Twitter to notice), they can touch tens of thousands of Twitter users each day.

But there is something else to notice about the quote above: the “black hat” attitude. Though misguided marketers once used some of the bulk communications methods we now call “spam,” they have for the most part moved on to better ideas, leaving only the “black hats” to the field. This approach to bulk outreach is a Mark of Cain that not only impacts how “black hats” think, but also carries through to the techniques they use. And it leaves evidence.

Evidence like the gap between the time of the tweet and the time of the favorite. Normal users don’t favorite things they didn’t see live, or at least within a few days of original delivery. To favorite something that was sent weeks ago, you have to be running an automated keyword search (probably using a browser automation tool like iMacros, commonly misused for this among black hats). Because a normal user doesn’t have the patience to scroll backwards through weeks and weeks of old tweets looking for things to favorite. Only a machine can be given that job. That’s a dead giveaway.

Evidence like favoriting things from accounts that have no natural conversational history in them. Because building a natural looking conversation history would be time consuming and expensive, two things that are anathema to black hats looking for a quick score.

And that’s only for starters. The “black hat” attitude gives us many, many ways to differentiate the fakers from the real users, and all without examining the content of the messages.

At Meshfire, we study spammer behaviors so that we can help you focus on the most valuable, real people on Twitter and spend as little time as possible hassling with the fake accounts that sap your energy and reduce your influence.

5 Comments

  1. Khris Lloyd says:

    Very interesting tactic! I’ve seen this several times myself though it is usually around a particular tweet about coffee. Maybe our bot writer is a bit of a caffeine addict?

    Unfortunately for the rest of us this makes it, once again, harder to make connections on twitter. When I see someone interesting I do click on their personal stream and scroll down until I find something that I really connect with. I may not have the time to reply to it right then and there so i’ll favorite it as a reminder. Now fortunately for me, i’m a real person, and i’m hoping my new potential influencer will recognize that. Especially if I forget to add that reply to my newly favorited tweet in a timely manner.

    However, as someone who puts particular interest in the quality of my own followers, favorites, etc, I really appreciate the ability weed out the fakers. 

    • Eli Israel says:

      Exactly right, Khris. And a good reminder that no single datum is always dispositive. That’s why the Meshfire rules engine weighs lots of different bits of evidence.

  2. SomeGuy says:

    Thanks for this explanation. I noticed that recently from a Tweet that 2 years old! These users didn’t look like the typical spam accounts, but now I get it.

  3. Thank you I’ve been wondering the same thing and this makes perfect sense. Thanks :)

  4. Thatcher says:

    I’m human and I favorite old tweets because the content is relevant and I want it accessible to a Favorites Twitter widget.

Leave a Comment