Is Influencer Marketing being Besieged by Bad Bots and Fake Followers?

Alex McConnell Cybersecurity Content Specialist

Influencer marketing is set to be worth $13.8 billion by the end of 2021, rising from $9.7 billion since last year. With many people working from home during the pandemic, monetizing a social media following by creating sponsored posts for brands has become a popular side hustle.

This can be seen by the rapid growth of emerging platforms, particularly TikTok which saw over 2 billion downloads in 2020 and a 45% increase in its use by influencers in 2021 to date.

Are fake accounts a problem in influencer marketing?

On social media, an influencer’s value to brands is measured in their reach and how much engagement they can generate with their content.

In theory this is easily measurable by counting the influencer’s followers and how many likes and comments each of their posts receives. In practice these numbers can lie because a large proportion of social media users are fake, or “bots”.

What we mean by social media bots is accounts created and controlled by an automated process rather than by a person, as you would usually expect and as most accounts usually claim.

Where a large segment of an influencer’s engagements come from fake accounts or social media bots, trust is lost between the influencer and their genuine followers (those they hope to “influence” into buying any product they endorse), as well as with the brands paying for this promotional service.

Where influencers have an especially high ratio of fake followers, it’s likely that many of these interactions have been bought by the influencer from click farms or fake account vendors. 55 per cent of Instagram influencers were involved in some form of social media fraud in 2020, according to HypeAuditor.

Where do fake social media accounts come from?

The practice of buying fake likes and followers on social media can be seen as a form of fraud, especially if done to obtain paid sponsorships on posts. It’s not difficult to find services (or “follower factories”) that sell fake followers and likes for each platform, as was seen by the emergence of vending machines in Russia selling 100 Instagram followers for $1.75.

But it’s not just demand from wannabe influencers that is to blame for the practice – these fake likes and followers must come from somewhere. More often than not, they are supplied from less-than-scrupulous means.

Fake account creation bots for social media

Fake account creation is also known as account fraud or mass account registration. The process of creating an account on a particular site or service is automated and then replicated in quick succession by bots. The accounts are often aggregated and used to direct specific attack types at their targets, including:

  • Abuse of signup offers (common in loyalty schemes and gambling sites, aka bonus abuse)
  • Posting spam links for the purpose of phishing and other attacks
  • Romance or lonely-hearts scams
  • Financial fraud
  • Spreading fake news with political intent

Sometimes account names and information are randomly generated, whilst other times legitimate identities are used without the real person’s consent. In some cases, fraudsters open accounts using the names of people ineligible for accounts, such as children or even pets.

In the case of influencer bots, fake accounts are populated with automatically generated account information and posts to disguise them as legitimate.

Many social media platforms put measures in place to prevent automated fake account creation, for example using CAPTCHA, rate limiting requests or requiring account verification via email or phone number when registering. However, CAPTCHA can be bypassed either programmatically or by using cheap CAPTCHA farms, and even phone numbers can now be spoofed, should the attacker be sophisticated and determined enough.

Account takeover and stolen credentials

Fake account vendors also steal legitimate accounts to add to their inventory of likes and follows. Account details could be obtained via data leaks from other websites, as people commonly reuse the same password across services. Even if passwords are not copied across, adversaries can use credential stuffing bots to repeatedly try username and password combinations until the correct details are found by brute force.

Stolen accounts can also be bought cheaply on dark web forums and sites like the Genesis Market. Accounts for specific sites can even be bought in large quantities to be used for various attack types.

How can social media bots used by influencers be stopped?

The chain of responsibility in influencer scams is so complex that it’s difficult to know who is responsible for breaking it. According to the BLADE Framework®, which describes several bot attack kill chains, it is most effective to disrupt attacks at the earliest stage possible. Therefore, blocking malicious traffic at the account creation pages is the key to preventing social media bots.

Are you tired of seeing your
website being exploited by bots?

Alex McConnell is a technical writer and cybersecurity content specialist at Netacea. He works closely with the threat research team to create insightful, accessible content on the latest trends within cybersecurity and bot management. Alex has a decade of experience creating content related to internet services, spanning web performance, online user experience and non-human traffic.
Related Resources

Protecting Customers of Leading Baked Goods Brand from...

07th Oct 2021 / 17:03 VIEW case study

Customer Loyalty: How are bots exploiting business logic?

28th Jun 2021 / 16:32 VIEW whitepaper

Netacea Quarterly Index: Top 5 Scalper Bot Targets of ...

15th Nov 2021 / 14:10 VIEW guide