Twitter underground economy still going strong
The Twitter underground economy and the fake social account market as a whole continues to gain momentum, and the financial motivations of this multimillion-dollar business remain clear.
Since our first analysis and report, we at Barracuda Labs have continued to monitor this activity across multiple social networks. Twitter continues to be the largest offender (or victim) with its underground economy for buying and selling fake social accounts.
As part of this experiment, we once again began our investigation by searching on eBay, Fiverr and Google for vendors who sell Twitter followers. Then, we selected several of the vendors with varying price rates for purchasing followers, and spent about $100USD to make a few purchases.
After these followers were delivered to our controlled Twitter accounts, we used Twitter API to collect their information and conduct deeper statistical analysis.
Because the fake accounts are from multiple data sources, the resulting data characteristics are also different. For this purpose of presenting the results of this study, we selected one dealer who is most representative, sophisticated and interesting, and report the analytic results based on data collected from that dealer.
Similar to our previous study, we have organized the results into three groups: (1) Dealers (hackers or vendors who sell Twitter followers), (2) Abusers (Twitter users who bought or had fake followers), and (3) Fake Accounts (created by dealers for selling followings or tweets business).
Dealers (hackers or vendors who sell Twitter followers):
- 52 eBay sellers are found selling Twitter followers; 55 websites are found in the Google top 100 results when searching “buy twitter followers” (and 49 of those websites are new ones); astonishingly, 6400+ Twitter followers services are found on Fiverr.com.
- The average price of followers has dropped significantly: $11 per thousand followers (compared to $18 in August 2012).
- Some Dealers can control as many as millions of Twitter followers (see fastfollowerz.com and twittercluster.com package options).
- Some Dealers provide location-targeted Twitter followers, either Global or USA specific, and some provides monthly subscriptions.
- Some are extremely sophisticated, such as fastfollowerz.com, which provides extensive features, including 100% active followers, 5-year retention protection (no followers drop in 5 years), guarantee to pass StatusPeople detection, geo-target by country or city, target by keywords or profile information, monthly subscription, daily delivery, etc.
Abusers (Twitter users who bought or had fake followers):
- Only 1147 Abusers were identified, with only 121 of them as fake accounts
- The average Abuser has 52,432 followers; 60% of Abusers have 4,000-26,000 followers
- Only 55% of Abusers have set URLs in their profiles
- Average account age of Abusers are 100 weeks, or 1-year and 11 months
- 16 Abusers have more than 1M followers, 88 Abusers have more than 100K followers.
Fake Accounts (created by dealers for selling followings or tweets business):
- 99,494 unique fake accounts identified
- Average age of these fake accounts is 30 weeks or about 7 months; only 0.1% of Fake Accounts are less than 3-months old
- On average, a Fake Account is following 60 users, tweeting 77 times, and has 32 followers
- 63% (62,982 out of 99,494) of Fake Accounts are created by duplicating profiles from real users: adding one extra character on the screen name, and using the same displaying names, descriptions and locations. Some real accounts are duplicated multiple times.
We compared these 62,982 fake accounts and the real accounts that are used for copy, and list several differences in the following table:
Clearly, the differences are quite big between the duplicated fake accounts and their corresponding real accounts. Most of these statistics look very reasonable (dozens of tweets, followers and followings), except for the last one. Real users may tweet at any time and most likely have no obvious trends; hence, the timestamps at minute level are most likely unique, as shown in our result: 96% are unique. Additionally, the Tweet source is diverse: 24% from iPhone, 24% from Web, etc. However, we found that these fake accounts generally tweet several times in a brief period of a day, and then disappeared for a few days, and come back again. Sometimes, these tweets were created so fast, e.g., 5 different tweets with 60+ characters in 1 minute, that they cannot be typed by a normal user, but only by machines. This characteristic leads us to estimate that the percentage of unique tweet timestamps should be lower: only 35% after our computation and 98% of them are coming from Web.
From here, we can easily deduce how Dealers (or hackers) control thousands fake accounts:
- Each account first is pushed in a processing queue
- A thread worker then will pop the front account out and log in to Twitter, create several tweets and login out
- Then, this account will be pushed in the back of the queue again, waiting for its next round.
Clearly, this process can be implemented easily by a software program and run automatically on computers. Still, repeating the process of logging in, tweeting, and logging out, for thousands of accounts, will take a significant amount of time; hence, it generally will take a few days for an account to tweet again. (Of course, Dealers can spend more money and time to remove this tweeting characteristic, for example, using more machines to speed up the turnaround or tweet once in each login.)
Overall, we clearly can observe a new trend on the Twitter follower trading business: Dealers are getting smarter to make these fake accounts look more authentic.
Additional highlights of this study include:
- The market of selling Twitter followers is very competitive now: top Google search results show that 89% (49 out of 55) are new vendor websites; the average price for thousands of followers has dropped more than 39%, from $18 to $11 now; several dealers have provided various new features to promote their services.
- More than 60% of Abusers have 4,000-26,000 followers, meaning they are still the active group to have fake Twitter followers. The percentage of Abusers who have URLs in their profiles has dropped from 75% in August 2012 to 55% today, but this percentage is still much bigger than that of general Twitter users: 31%.
- Fake Accounts have greatly evolved to mimic real Twitter users in order to avoid abuse detection by Twitter, as well as to evade the spotlight of general users. They steal the profiles from regular users, set both profile and background images, maintain a small number of followings, occasionally tweet something original with hash tags from web, and even interactively follow each other to have dozen of followers. All of these behaviors are very similar to many real Twitter users, and can hardly be classified as abuse actions.
- There are several new services aimed at detecting fake Twitter accounts and updates, including Faker Check from StatusPeople, Fake Followers from SocialBakers, and TwitterAudit.com. However, all of these services failed in detecting this new wave of fake accounts.
This is not surprising as these services had publicly announced the basic features they used to detect each account’s identity, such as empty images, large following vs. follower ratio, or percent of retweets, etc. Dealers have taken advantage of this information and manipulated the new fake accounts to eliminate such features. This trend will force Twitter and other defenders to update their detection strategies to identify the real “fake” accounts and better protect real users.
Finally, we would like to estimate the size of this Twitter underground market. Without a doubt, it continues to be a multimillion-dollars market. First, a few vendors can sell up to millions of Twitter followers; secondly, we have found a few Abusers who have their followers up and down at the million level. We know on average each fake account is worth $0.011 or 1.1 cent per following, and it was on average following 60 users, meaning each account has already made 66 cents in our study. Remember that each of them can be sold at least 2000 times without any hurdles, worthy of $20 each. Therefore, millions of fake Twitter followers can definitely generate million dollars or more revenue.
Another reasonable estimation is based on statistics from fastfollowerz.com: declaring “28,000+” happy clients in hand and assuming each client only spend $50 (amount to have at least 4000 followers for the active group), and they have already made $1.4 million dollars at least for their Twitter follower business. Keep in mind that there are more than 55 websites, and 50 eBay sellers, and thousands of Fivvrr.com services.
Furthermore, consider that most of the Twitter followers vendors also sell Facebook fans, Google+ votes, YouTube views, Instagram followers, Pinterest followers, LinkedIn connections, etc. which in turn multiplies the financials easily into the hundreds of millions of dollars.