Tutorial Help me identify spammers

(I've bolded and italicized the most important sentences in this post, so that people who might not otherwise read it can skim it and still get the main points.)

As our forum grows, we will periodically become the target of spammers. Forum spammers are people who create accounts on forums, pretending to be seeking help, but actually looking for ways to create links to websites that pay them to do so.

In our case, people may come to our website, pretending to be in pain, but actually only looking to accumulate links to websites that are paying their employers.

If that makes you angry, it makes me angry, too. Helping people with TMS is almost a spiritual activity for us, because we know what it is like to live with constant pain. The idea that someone could abuse our trust and pretend to be someone in pain just so they can make some money by adding links to an unethical website, just seems wrong.

Forum spammers are highly organized, and some shady individuals have made a lot of money by spamming forums. Commercial posting is against the terms of service of just about every forum out there, so not only are they unethical, but they are acting illegally as well.

Luckily, forum administrators are not powerless in this. We participate in forums designed for forum administrators (like www.theadminzone.com) and work with databases of spammers (like www.stopforumspam.com and www.stopbotters.com). Here at the TMS wiki forum, we utilize all of these techniques, but there is a third technique that is vital as well: the report link.

One spamming technique that is becoming more and more common is as follows. An unethical company that wants to sell more products contracts with a "black-hat link building company." The link building company has contacts in countries where wages are very low and where English skills tend to be good. They hire people there and give them training and an Internet connection. These people then make Gmail accounts and use these Gmail accounts to make fake accounts on relevant forums. They then pretend to be real users of the forum and create posts that include links to the company that is paying their employer. These links can be very valuable to the original company because they provide "PageRank" and "anchor text," two commodities that are extremely valuable in a field called Search Engine Optimization (SEO).

Currently, suspicious links are appearing on our website to a company called Medoc, so I will use them as an example. Medoc appears to have hired a black-hat link building company that has contacts with contractors or employees in India. The people from India create accounts on our forum, pretending to be people with back pain, but actually just deceiving us.

I say India, because the links to Medoc's website have been posted by people who are accessing our website from India. In general, we get very little traffic from India. After all, Dr. Sarno's books aren't published in India and the vast majority of our members have read books by Dr. Sarno. However, India, because of its enormous population, relatively low income, and excellent English-language education (possibly due to its British colonial history) is a common source of labor for spammers. (These three factors also explain why, when you call a customer service number for a large company, you are often connected to a call center in India.)

Generally, experienced forum administrators are tremendously busy and are very good at identifying spammers. Therefore, when we see suspicious posts like I have been seeing, we just delete the posts, ban the user, and get on with our work. However, we are proud goodists here, so I like giving people a second chance. Further, I need your help in identifying future spammers as well, especially as we grow. Therefore, I would like to use this incident as an opportunity to enlist your help.

If you suspect that a post may have been made by a spammer, please click the report link underneath the post. This will draw my attention to the user and give me a chance to investigate them. The "report" link looks like this:

​

My goal right now is to spend my time focusing on projects that will help ensure the long-term growth of our nonprofit (projects like developing relationships with partners, doing "white hat link building" (the honest and ethical kind), improving our software, building the network of TMS Practitioners, and working on our corporate governance). Therefore, I can't read every post. By drawing my attention to posts that might be spam, I can monitor those posts and take action when appropriate.

Spammers generally are impatient, and will generally include a link within their first several posts on the forum. They know that they will probably be found out and banned soon, so it isn't worth their while to take the time to really develop relationships with the people on the forum. The links that they include are generally unlike any other link that appears from a well-known member on the forum. For example, the links to Medoc are two a medical device manufacturer that specializes in devices for hospitals. The links are of only very specialized interest, and aren't of interest to consumers interested in mindbody healing. The links are also generally out of place in general. For example, the posts that I have seen haven't been about medical devices, so there was no reason to link to a medical device manufacturer. Finally, there often just seems to be something "off" about the posts. This is because they are written by people who are pretending to be interested in TMS rather than by people who are actually living it.

Once you have seen a couple of spammers, they become easier and easier to identify. Unfortunately, the spammers are getting cleverer and more professional, so it is getting harder to identify them. However, by using the report link and responding diligently, we can show them that this is a community that is proud of its integrity and will defend that integrity. Eventually, they will realize that they can't make any money by harassing us, and they will move on to target other forums that are not as diligent.

As always, thank you very much for your support and for taking the time to read this post. It is people like you, and the common experiences that we all share, that make all of this worth doing.

 

If anyone would like an example of this type of spammer, consider the following thread on another board:
http://friends-forum.mosken.com/viewtopic.php?f=65&t=27715
A user there, going by brucewillym, is very chatty and friendly. He is posting on a CFS/Fibromyalgia board, but admits that he doesn't know what Fibromyalgia is. Roughly half of his posts include links to Medoc's website. Out of nowhere, he starts asking people about diabetes, which is completely off topic. Then, surprise!, he discovers that the answer to his completely off-topic question about diabetes involves another of Medoc's expensive gadgets. In the final post of the thread, the owner of the sight calls attention to his linking behavior, saying, with enormous restraint, "You have now linked to the same website many times in the same topic. That isn't really a good idea." As a result, Bruce suddenly disappears, never posting again on that forum.

The same user apparently talks up Medoc's tests on Netdoctor.com:
http://www.netdoctor.co.uk/interact...discussion&u=209981&search_author=brucewillym

He also completely took over this thread talking about Medoc's equipment:
http://thosewithvisualsnow.yuku.com/reply/57012/Visual-Evoked-Potentials#reply-57012

He attempted to post a thread here, but a dilligent administrator identified him as a spammer and deleted his thread:
http://forums.anandtech.com/showthread.php?t=2391341

He even appeared at a highly advanced scientific computing forum, talking about his favorite topic, medical imaging:
http://forums.parallella.org/viewtopic.php?f=41&t=448

On this thread, the community discussed using their own report link on the spammer:
http://www.diabetesdaily.com/forum/type-2-diabetes/78258-thermal-testing-helpful-diabetese/

There are three pages of Google results for this particular fairly talented spammer, but I won't go over all of them because you may have guessed the punch line. He has also scammed us, in this thread:
http://www.tmswiki.org/forum/threads/lower-back-pain-latest-report.2401/
In every post that I investigated, he always mentioned a product sold my Medoc or made smalltalk.

Roughly half of his posts have links to Medoc, and, as usual, his posts are about thermal imaging and pain imaging:
http://www.tmswiki.org/forum/threads/lower-back-pain-latest-report.2401/#post-31170
http://www.tmswiki.org/forum/threads/lower-back-pain-latest-report.2401/#post-32045
http://www.tmswiki.org/forum/threads/lower-back-pain-latest-report.2401/#post-31612

Geographically, he comes from a region known for its spammers. Few people from that region of the world use the name "Bruce," however.

Eventually, some forum admin will report him to www.stopforumspam.com, and he will have to choose a new pseudonym and register a new gmail account.

What should anger all of us is that he wasted the time of three of our amazing "real" forum posters. They reached out to him with their hearts and tried to help someone who they thought was a fellow pain sufferer. In return, he fed them nothing by deception and inauthenticity. All for money. Perhaps it is hard for someone even as clever as him to get an honorable job, but we do need to protect our community.

I've left his links up for a while so people can see what a talented spammer looks like, but will take them down eventually. If people like this decide that we are a "soft target," we'll all have to work together to protect ourselves.

 

Heya, folks, thanks for your support!

Exactly. The blue phrases are the links. A link can't harm you unless you click on it. Theoretically, a link could harm your computer if it is not up to date. This is why it is important to, at least for a PC, keep the computer updated with Windows update and use a good security suite such as the suites from Semantic, Kaspersky, Nod32, or Bitdefender. If you do that, it will help protect you from accidental link clicks. Of course, running a downloaded program is more of a big deal than clicking on a link. In general, you never want to run a program that you download from the internet unless you trust the site it is from.

In general, though, forum spammers generally don't want to steal your identity or hack your computer. Most forum spammers are just advertising. Therefore, even the spammy links wouldn't harm you unless you consider having to look at high tech pain-measuring medical equipment to be a form of harm.

Generally, the safest way to check a link is to hover your mouse over it and look to see what web address pops up in the bottom of your screen. This works on most, but not all web browsers and you can try it with this link. If you hover over the blue text in the previous sentence, you might see "http://www.thankyoudrsarno.org/" pop up near the bottom of your window. If so, then you know how to check links without clicking on them. Doing this is a completely safe way to check and see what a link is linking to. If it says "medoc-web. com" or "buycheaprolexes. com," click that "Report" link.

When in doubt, you can always just click the "Report" link. If it's an honest person, I should be able to tell pretty quickly.

We have an absolutely amazing software product installed called FoolBotHoneyPot which blocks 99.9% of the spammers that come our way without inconveniencing our regular users. So far it is working well, but once in a while, a firm that is willing to hire a real human being can get through. As such, fighting spammers is a long term project for a forum, and I am thrilled to have such a supportive team working with me.

 

Thanks for explaining that, njoy. Your kind words warmed my heart, too.

I call the "blue text" kind of links "inline links," and I think that they are perfectly safe to use. Like everything else on the web, it is about trust. If the person who posts the links has more than, say, 5 posts or if you just can tell that they are a real TMSer, then don't worry about it. If I have any concerns, I can generally check by hovering over them as I describe above. (To link to a specific post, like I just did, click on the date that the post was made, at the bottom of the post. The web address will end in something like #post-32092, which brings the person clicking on it to the point on the page where post number 32092 is.)

In general, spammers post ads on forums, but spammers aren't nearly as dangerous as hackers or information/identity thieves. The hackers and thieves often use emails to do their work, so, in general, I am much more cautious about opening attachments to emails or clicking links in emails. Hackers can often use email to create computer worms that spread via emails, using people's email address books to find new victims, so, realistically, I think that that is where the threat lies right now. When in doubt, though, it's not a bad thing to be cautious. Hover over the link and see where it takes you to.

In general, to be cautious, here's what I do:

1. Always keep my operating system and software (particularly my browser) up to date. In many cases, this happens automatically.
2. Keep an up to date security suite (I don't always do this, but try to)
3. Don't ever open an email attachment unless you know what it is and why it was sent and trust the sender
4. Hover over links before clicking if you see anything suspicious (I almost never find myself bothering to do this)
5. Watch out for phishers - people who try to steal your password or financial information by spoofing a trusted site.

More information can be found here: http://www.staysafeonline.org/stay-safe-online/

Once you know what to look for, it is easy to see the danger signs. This particular spammer raised the following flags:

1. He posted a link in his very first post and then two more links to the same site in his next four posts. You can check someone's post count by clicking on their username and it is probably the most valuable piece of information.
2. He dug up an old thread that no one had posted in for a year and asked a question that was off topic. [in hindsight, he probably searched in Google for forum threads with certain keywords.]
3. Why did he bother to add the link? It didn't help him to ask his question. If he wanted to ask about that particular firm, why didn't he say so explicitly? And why would he think we would know?
4. He used an inline link. No one uses those except me.
5. His post just didn't seem right. For example, he didn't tell us much about himself and didn't put much effort into his post. People in pain tend to put a LOT of effort into their post, so this didn't add up. Certainly, some of the posts that we get here from newcomers stick out a bit, but when a first post by a newcomer sticks out a lot and it has a link, well, that sets off alarms and gives you a chance to investigate more carefully.

Here's the actual post if you want to see what I mean. This is his very first post on the forum:
http://www.tmswiki.org/forum/threads/lower-back-pain-latest-report.2401/#post-31170

When I saw it the first time, I clicked on his username and found out that it was his first post. This raised further alarms. I was concerned he might be a spammer, so I used administrative rights to remove the link (I added the link back later so you could see what it looks like in location). If I had been a regular user, I would have clicked the report link. The evidence at that point was pretty circumstantial, so I decided to wait a bit before banning. As time passed, I realized that this would be a good example to use to show people what a clever spammer looks like so that we don't get duped again.

 

Aw, thanks, njoy! No one has reported him yet as of yesterday, but I will do it soon. I would like to leave the thread itself intact, though, as I'd like to keep this thread around as a reference for when people need to learn about subtle spammers.

I've sent a strongly worded email to Medoc, emphasizing that it is important that a manufacturer of medical equipment exhibit good morals, and that employing ethical marketing practices should be part of the way that they do business. I haven't heard back from them yet, but it is a weekend.

Eventually, I'd like to train a forum moderator who can help with this type of thing, but, at this point, we are growing fast enough that it is easier for me to just to it myself. If I'm going to train someone, I want it to be someone who has a track record of visiting the forum regularly, and it will be a while before I have a sense of who that is and who might be willing to volunteer.

 

Heya, I just wanted to thank Ellen for clicking the "Report" link on a pill spammer this morning. The message was posted around 3:00 AM my time and thanks to the community I was able to remove it just five hours later at 8:00 AM my time. Spammers can track who clicks on their links, so they know which forums are "profitable" to post on. With a track record like this, they will know better than to harass us.