Instagram porn bots’ latest tactic is ridiculously low-effort, but it’s working

Porn bots are more or less ingrained in the social media experience, despite platforms’ best efforts to stamp them out. We’ve grown accustomed to seeing them flooding the comments sections of memes and celebrities’ posts, and, if you have a public account, you’ve probably noticed them watching and liking your stories. But their behavior keeps changing ever so slightly to stay ahead of automated filters, and now things are starting to get weird. While porn bots at one time mostly tried to lure people in with suggestive or even overtly raunchy hook lines (like the ever-popular, “DON'T LOOK at my STORY, if you don't want to MASTURBATE!”), the approach these days is a little more abstract. It’s become common to see bot accounts posting a single, inoffensive, completely-irrelevant-to-the-subject word, sometimes accompanied by an emoji or two. On one post I stumbled across recently, five separate spam accounts all using the same profile picture — a closeup of a person in a red thong spreading their asscheeks — commented, “Pristine ????,” “Music ????,” “Sapphire ????,” “Serenity ????” and “Faith ????.” Another bot — its profile picture a headless frontal shot of someone’s lingerie-clad body — commented on the same meme post, “Michigan ????.” Once you’ve noticed them, it’s hard not to start keeping a mental log of the most ridiculous instances. “????agriculture” one bot wrote. On another post: “terror ????” and “????????insect.” The bizarre one-word comments are everywhere; the porn bots, it seems, have completely lost it. Really, what we’re seeing is the emergence of another avoidance maneuver scammers use to help their bots slip by Meta’s detection technology. That, and they might be getting a little lazy. Screenshots by Engadget “They just want to get into the conversation, so having to craft a coherent sentence probably doesn't make sense for them,” Satnam Narang, a research engineer for the cybersecurity company Tenable, told Engadget. Once scammers get their bots into the mix, they can have other bots pile likes onto those comments to further elevate them, explains Narang, who has been investigating social media scams since the MySpace days. Using random words helps scammers fly under the radar of moderators who may be looking for particular keywords. In the past, they’ve tried methods like putting spaces or special characters between every letter of words that might be flagged by the system. “You can't necessarily ban an account or take an account down if they just comment the word ‘insect’ or ‘terror,’ because it's very benign,” Narang said. “But if they're like, ‘Check my story,’ or something… that might flag their systems. It’s an evasion technique and clearly it's working if you're seeing them on these big name accounts. It's just a part of that dance.” That dance is one social media platforms and bots have been doing for years, seemingly to no end. Meta has said it stops millions of fake accounts from being created on a daily basis across its suite of apps, and catches “millions more, often within minutes after creation.” Yet spam accounts are still prevalent enough to show up in droves on high traffic posts and slip into the story views of even users with small followings. The company’s most recent transparency report, which includes stats on fake accounts it’s removed, shows Facebook nixed over a billion fake accounts last year alone, but currently offers no data for Instagram. “Spammers use every platform available to them to deceive and manipulate people across the internet and constantly adapt their tactics to evade enforcement,” a Meta spokesperson said. “That is why we invest heavily in our enforcement and review teams, and have specialized detection tools to identify spam.” Screenshot by Engadget Last December, Instagram rolled out a slew of tools aimed at giving users more visibility into how it’s handling spam bots and giving content creators more control over their interactions with these profiles. Account holders can now, for example, bulk-delete follow requests from profiles flagged as potential spam. Instagram users may also have noticed the more frequent appearance of the “hidden comments” section at the bottom of some posts, where comments flagged as offensive or spam can be relegated to minimize encounters with them. “It's a game of whack-a-mole,” said Narang, and scammers are winning. “You think you've got it, but then it just pops up somewhere else.” Scammers, he says, are very adept at figuring out why they got banned and finding new ways to skirt detection accordingly. One might assume social media users today would be too savvy to fall for obviously bot-written comments like “Michigan ????,” but according to Narang, scammers’ success doesn’t necessarily rely on tricking hapless victims into handing over their money. They’re often participating in affiliate programs, and all they need is to get people to visit a website — usually branded as an “adult dating service” or the like — a

Mar 23, 2024 - 00:30
 0
Instagram porn bots’ latest tactic is ridiculously low-effort, but it’s working

Porn bots are more or less ingrained in the social media experience, despite platforms’ best efforts to stamp them out. We’ve grown accustomed to seeing them flooding the comments sections of memes and celebrities’ posts, and, if you have a public account, you’ve probably noticed them watching and liking your stories. But their behavior keeps changing ever so slightly to stay ahead of automated filters, and now things are starting to get weird.

While porn bots at one time mostly tried to lure people in with suggestive or even overtly raunchy hook lines (like the ever-popular, “DON'T LOOK at my STORY, if you don't want to MASTURBATE!”), the approach these days is a little more abstract. It’s become common to see bot accounts posting a single, inoffensive, completely-irrelevant-to-the-subject word, sometimes accompanied by an emoji or two. On one post I stumbled across recently, five separate spam accounts all using the same profile picture — a closeup of a person in a red thong spreading their asscheeks — commented, “Pristine ????,” “Music ????,” “Sapphire ????,” “Serenity ????” and “Faith ????.”

Another bot — its profile picture a headless frontal shot of someone’s lingerie-clad body — commented on the same meme post, “Michigan ????.” Once you’ve noticed them, it’s hard not to start keeping a mental log of the most ridiculous instances. “????agriculture” one bot wrote. On another post: “terror ????” and “????????insect.” The bizarre one-word comments are everywhere; the porn bots, it seems, have completely lost it.

Really, what we’re seeing is the emergence of another avoidance maneuver scammers use to help their bots slip by Meta’s detection technology. That, and they might be getting a little lazy.

side by side screenshots of an Instagram comments' section showing numerous posts by porn bots
Screenshots by Engadget

“They just want to get into the conversation, so having to craft a coherent sentence probably doesn't make sense for them,” Satnam Narang, a research engineer for the cybersecurity company Tenable, told Engadget. Once scammers get their bots into the mix, they can have other bots pile likes onto those comments to further elevate them, explains Narang, who has been investigating social media scams since the MySpace days.

Using random words helps scammers fly under the radar of moderators who may be looking for particular keywords. In the past, they’ve tried methods like putting spaces or special characters between every letter of words that might be flagged by the system. “You can't necessarily ban an account or take an account down if they just comment the word ‘insect’ or ‘terror,’ because it's very benign,” Narang said. “But if they're like, ‘Check my story,’ or something… that might flag their systems. It’s an evasion technique and clearly it's working if you're seeing them on these big name accounts. It's just a part of that dance.”

That dance is one social media platforms and bots have been doing for years, seemingly to no end. Meta has said it stops millions of fake accounts from being created on a daily basis across its suite of apps, and catches “millions more, often within minutes after creation.” Yet spam accounts are still prevalent enough to show up in droves on high traffic posts and slip into the story views of even users with small followings.

The company’s most recent transparency report, which includes stats on fake accounts it’s removed, shows Facebook nixed over a billion fake accounts last year alone, but currently offers no data for Instagram. “Spammers use every platform available to them to deceive and manipulate people across the internet and constantly adapt their tactics to evade enforcement,” a Meta spokesperson said. “That is why we invest heavily in our enforcement and review teams, and have specialized detection tools to identify spam.”

Comments from porn bots on Instagram that read
Screenshot by Engadget

Last December, Instagram rolled out a slew of tools aimed at giving users more visibility into how it’s handling spam bots and giving content creators more control over their interactions with these profiles. Account holders can now, for example, bulk-delete follow requests from profiles flagged as potential spam. Instagram users may also have noticed the more frequent appearance of the “hidden comments” section at the bottom of some posts, where comments flagged as offensive or spam can be relegated to minimize encounters with them.

“It's a game of whack-a-mole,” said Narang, and scammers are winning. “You think you've got it, but then it just pops up somewhere else.” Scammers, he says, are very adept at figuring out why they got banned and finding new ways to skirt detection accordingly.

One might assume social media users today would be too savvy to fall for obviously bot-written comments like “Michigan ????,” but according to Narang, scammers’ success doesn’t necessarily rely on tricking hapless victims into handing over their money. They’re often participating in affiliate programs, and all they need is to get people to visit a website — usually branded as an “adult dating service” or the like — and sign up for free. The bots’ “link in bio” typically directs to an intermediary site hosting a handful of URLs that may promise XXX chats or photos and lead to the service in question.

Scammers can get a small amount of money, say a dollar or so, for every real user who makes an account. In the off chance that someone signs up with a credit card, the kickback would be much higher. “Even if one percent of [the target demographic] signs up, you're making some money,” Narang said. “And if you're running multiple, different accounts and you have different profiles pushing these links out, you're probably making a decent chunk of change.” Instagram scammers are likely to have spam bots on TikTok, X and other sites too, Narang said. “It all adds up.”

Comments by porn bots on a Pikachu meme on Instagram, including
Screenshot by Engadget

The harms from spam bots go beyond whatever headaches they may ultimately cause the few who have been duped into signing up for a sketchy service. Porn bots primarily use real people’s photos that they’ve stolen from public profiles, which can be embarrassing once the spam account starts friend requesting everyone the depicted person knows (speaking from personal experience here). The process of getting Meta to remove these cloned accounts can be a draining effort.

Their presence also adds to the challenges that real content creators in the sex and sex-related industries face on social media, which many rely on as an avenue to connect with wider audiences but must constantly fight with to keep from being deplatformed. Imposter Instagram accounts can rack up thousands of followers, funneling potential visitors away from the real accounts and casting doubt on their legitimacy. And real accounts sometimes get flagged as spam in Meta’s hunt for bots, putting those with racy content even more at risk of account suspension and bans.

Unfortunately, the bot problem isn’t one that has any easy solution. “They're just continuously finding new ways around [moderation], coming up with new schemes,” Narang said. Scammers will always follow the money and, to that end, the crowd. While porn bots on Instagram have evolved to the point of posting nonsense to avoid moderators, more sophisticated bots chasing a younger demographic on TikTok are posting somewhat believable commentary on Taylor Swift videos, Narang says.

The next big thing in social media will inevitably emerge sooner or later, and they’ll go there too. “As long as there's money to be made,” Narang said, “there's going to be incentives for these scammers.”This article originally appeared on Engadget at https://www.engadget.com/instagram-porn-bots-latest-tactic-is-ridiculously-low-effort-but-its-working-181130528.html?src=rss

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

Viral News Code whisperer by profession, narrative alchemist by passion. With 6 years of tech expertise under my belt, I bring a unique blend of logic and imagination to ViralNews360. Expect everything from tech explainers that melt your brain (but not your circuits) to heartwarming tales that tug at your heartstrings. Come on in, the virtual coffee's always brewing!