30.12.10

How to generate spam in Facebook (and other Social Networks)

This is not a bright discovery; moreover, it is being done right now and it has been reported in several places. But I believe it is interesting... and I find it funny to write about it.

The goal of spam is to get your potential reader to receive and read the message. Well, the final goal is to get the fake product purchased, but you have to start by getting the message read! Social Networks usually send you updates and other messages regarding what is happening with you and your contacts. For instance, somebody is now following you on Twitter, you have a message on LinkedIn, or you have been tagged in a picture on Facebook. The idea is to use these messages to get your attention: you will read them, because you trust them and they relate to personal topics!

Just follow this procedure:

  1. Get several accounts in the Social Network.
  2. Collect a list of users to send the spam to.
  3. If it is possible to personalize a "request contact" message, send messages to a hundred other users. Not too many; this behavior will not go unnoticed by the Social Network. E.g. this is possible in LinkedIn.
  4. If it is possible to tag people in pictures, create several pictures with your favorite Rolex-Viagra-whatever message and the link, post several in each of your fake accounts, and tag each one with the target users (4-5 users per picture...). E.g. this is possible in Facebook.
  5. (...) Check and use whatever other method to send an alert to a user in the Social Network, and exploit it in the same fashion.
  6. Obviously, you will be getting your accounts blocked. Get more!
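
Seen from the Social Network's side, steps 3 and 4 leave a recognizable pattern: accounts that trigger notifications to people who are not their contacts, and several accounts advertising the same link. The sketch below is an added example, not code from this post or from any network; the event tuples, account names, domains and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample events, not real data. Each tuple is one action that makes
# the network notify `target`: (actor, kind, target, target_is_contact, link).
EVENTS = (
    # Three throwaway accounts, each tagging only 4 strangers with the same link.
    [(acct, "photo_tag", f"{acct}_target{i}", False, "http://pills.example/buy")
     for acct in ("fake1", "fake2", "fake3") for i in range(4)]
    # One account sending personalized contact requests to 6 strangers.
    + [("fake4", "contact_request", f"user{i}", False, "http://watches.example/")
       for i in range(6)]
    # An ordinary user: tags two contacts, sends one request to a stranger.
    + [("alice", "photo_tag", "bob", True, None),
       ("alice", "photo_tag", "carol", True, None),
       ("alice", "contact_request", "dave", False, None)]
)

MAX_STRANGERS = 4          # assumed limit: distinct non-contacts notified per account
MAX_ACCOUNTS_PER_LINK = 2  # assumed limit: accounts pushing one domain to strangers


def find_notification_abuse(events, max_strangers=MAX_STRANGERS,
                            max_accounts=MAX_ACCOUNTS_PER_LINK):
    """Return (flagged accounts, {link domain: accounts pushing it})."""
    strangers = defaultdict(set)  # actor -> non-contacts it caused to be notified
    pushers = defaultdict(set)    # link domain -> actors sending it to non-contacts
    for actor, _kind, target, is_contact, link in events:
        if is_contact:
            continue  # notifications between existing contacts are normal use
        strangers[actor].add(target)
        if link:
            pushers[urlparse(link).hostname].add(actor)
    # Per-account check: catches the account that notifies too many strangers.
    noisy = {a for a, targets in strangers.items() if len(targets) > max_strangers}
    # Cross-account check: catches accounts that each stay under the limit
    # but advertise the same domain.
    campaigns = {d: sorted(accts) for d, accts in pushers.items()
                 if len(accts) > max_accounts}
    flagged = noisy.union(*campaigns.values())
    return sorted(flagged), campaigns


if __name__ == "__main__":
    accounts, campaigns = find_notification_abuse(EVENTS)
    print("flagged:", accounts)
    print("campaigns:", campaigns)
```

With the cross-account check disabled, only `fake4` is flagged, which is why a per-account rate limit alone does not cover several accounts that each stay under it.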

To do this effectively, you need to automate all the steps in the process. Using the APIs, it is not difficult, but you have to automatically solve several CAPTCHAs along the way. Check how at "Strong CAPTCHA Guidelines".

What makes me smile about this is that spam has become more and more about social engineering, and what Social Networks enable is just that! OK, perhaps these attacks are not so feasible...