There was a time when the shadier online “element” was mostly interested in procuring credit card numbers, usually from Eastern European sources, in order to turn a quick buck. However, over time, interest in credit card fraud declined and according to RSA the going rate for 1000 credit card numbers has now dropped to a mere $6. What has taken the place of monetary online fraud, is artificial “likability” and “popularity.” Reuters reports that with the rise of social networking, instead of obtaining credit card numbers, hackers have used their computer skills to create and sell false endorsements – such as “likes” and “followers” – that purport to come from users of Facebook, its photo-sharing app Instagram, Twitter, Google’s YouTube, LinkedIn and other popular websites. This can be seen in the costs charged by “service” providers: 1,000 Instagram “followers” can be bought for $15, while 1,000 Instagram “likes” cost $30. It is likely that the going rates for fake popularity on other online social networks, FaceBook and Twitter is comparable.
In other words, being “liked” and “followed” online – traditionally an indication of influence, importance and power – has become more important than having instant access to liquidity, and naturally, since there is demand for online popularity shortcuts, there is also supply.
Enter Zeus: a computer virus that was once widely used to steal credit card numbers, has now been modified to create bogus likes that can be used to generate buzz for a company or individual.
In short: marketing and self-promotion is now the most impotant gray market commodity on the internet.
These fake “likes” are sold in batches of 1,000 on Internet hacker forums, where cyber criminals also flog credit card numbers and other information stolen from PCs. According to RSA, 1,000 Instagram “followers” can be bought for $15 and 1,000 Instagram “likes” go for $30, whereas 1,000 credit card numbers cost as little as $6.
It may seem odd that fake social media accounts would be worth more than real credit card numbers, but online marketing experts say some people are willing to spend heavily to make a splash on the Internet, seeking buzz for its own sake or for a business purpose, such as making a new product seem popular.
“People perceive importance on what is trending,” said Victor Pan, a senior data analyst with WordStream, which advises companies on online marketing. “It is the bandwagon effect.”
Facebook, which has nearly 1.2 billion users, said it is in the process of beefing up security on Instagram, which it bought last year for $1 billion. Instagram, which has about 130 million active users, will have the same security measures that Facebook uses, said spokesman Michael Kirkland.
He encouraged users to report suspicious activity through links on Facebook sites and apps.
“We work hard to limit spam on our service and prohibit the creation of accounts through unauthorized or automated means,” Kirkland said.
The modified Zeus virus is the first piece of malicious software uncovered to date that has been used to post false “likes” on a social network, according to experts who track cyber crime.
Fraudsters most commonly manipulate “likes” using automated software programs.
A latent backdoor Trojan that is just waiting to be sprung based on outside orders.
Cyber criminals have used Zeus to infect hundreds of millions of PCs since the virus first surfaced more than five years ago, according to Don Jackson, a senior security researcher with Dell SecureWorks.
That the virus is now being adapted to target Instagram is a sign of the rising importance of social media in marketing, and the increasing sophistication of hackers trying to profit from the trend.
Online marketing consultant Will Mitchell said he sometimes advises clients to buy bogus social-networking traffic, but only to get an early foothold online.
When asked about the ethics of faking endorsements, Mitchell replied, “It’s fine to do for the first 100, but I always advise stopping after that.”
He said one of his clients once bought more than 300,000 “likes” on Facebook against his advice, a move that Mitchell felt damaged the client’s reputation. “It was just ridiculous,” he said. “Everybody knew what they were doing.”
While it is hardly surprising that in a world in which the crackdown on credit card fraud has made using stolen credit cards next to impossible the next focus of the online criminal community would be a quick “popularity” boost which often can be quite easily monetized.
However, one wonders how long it will take the mainstream to realize that the same “army” of backdoor-infected PCs has been used for something far more sinister and costly: namely clicking of ads on assorted social networks (coughfacebookcough) to give the impression of user engagement. Not only would this result in billions in inaccurate ad spend, but it may potentially lead to a 50% jump in a given stock misperceived as having become a new ad clicking-haven, when in reality it was all just a few black hats (operating either with or without the complicity of the company) targeting viruses around to world to click on ads with zero intention of converting these to actual purchases.
And also, how long it will take the same advertisers to get smart on this viral clicking scheme and pull the plug, leading to an even bigger crash in said given stock than what occurred following its IPO?