新資料：53%的賬號登入都是盜號嘗試

“Bot” has become a household word, thanks to the many fraud and disinformation campaigns using fake, automated social media accounts to post or “like” bogus information.

“Bot”成了家喻戶曉的詞，因為有很多欺詐和虛假資訊行為都使用偽造的自動社交媒體帳號釋出虛假資訊或為虛假資訊“點贊”。

But with social media companies like Facebook and Twitter trying to crack down on fake accounts, scammers are turning to real people—or rather, hijacked accounts of real people—to get the message out.

但因為Facebook和推特等社交媒體公司都在打擊虛假賬號，騙子就盯上了真人，或者更確切地說是盜取真人的賬戶來傳播資訊。

According to a new report by Arkose Labs, a fraud and abuse prevention firm, 53% of login attempts on social media accounts are automated break-in efforts by fraudsters.

防止欺詐和濫用的公司Arkose實驗室新發表的報告稱，53%的社交網站賬號的登入嘗試都是詐騙者的自動闖入行為。

Programs like Sentry MBA quickly run through millions of username and password combinations, culled from the endless stream of data breaches that are part of modern life.

Sentry MBA等程式能快速執行數百萬使用者名稱和密碼組合，從現代生活中源源不斷的資料洩露中進行篩選。

“If that [hacked] user’s been on the platform for a couple of years, [the social media company] is much less likely to take action against them than they are against a brand-new, freshly created account,” says Kevin Gosschalk, CEO of Arkose Labs.

Arkose實驗室執行長Kevin Gosschalk說：“如果被黑的使用者使用某個社交平臺幾年了，那該社交媒體公司對其採取措施的可能性就比新建立的使用者要低。”

Scammers still create fake accounts, though: Arkose reports that 25% of all new social media account applications are fraudulent.

然而詐騙者仍然會建立假賬號：Arkose的報告稱社交媒體新賬號的申請中有25%是進行欺詐的。

Some account takeovers are for misinformation; others are for money, often with sex as an enticement, says Gosschalk. Posing as the owners of real, compromised accounts, chatbots start flirting with people on social media, even flashing nude videos.

Gosschalk說一些盜號行為是為了傳播虛假資訊，其他的則是為了騙錢，而且通常以性為誘餌。聊天機器人冒充真實的賬號被盜的使用者，開始和社交媒體上的人調情，甚至傳送裸體視訊。

If the target wants to continue the encounter, the bot says, they need to sign up for a (bogus) dating site—at which point they’d have to enter credit card details for scammers to exploit.

如果對方想要繼續交往，機器人會說他們需要在一個（虛假的）交友網站上註冊，到時候就需要輸入信用卡資訊，就會被騙子利用。

Crooks also use social media to test whether leaked logins might work other places, such as banking sites. “They do a lot of account validation attacks just to see if this particular account exists,” says Vanita Pandey, Arkose’s VP of marketing. “If it does, they . . . go and use that [login] on other websites, as well.”

騙子也會利用社交媒體測試被洩漏的登入資訊是否在其他地方也能用，比如銀行網站。Arkose的市場營銷副總裁Vanita Pandey說：“他們會多次嘗試帳戶驗證，就想看看這個賬戶是否存在，如果存在，他們……就會去其他網站上試用這個‘登入資訊’”。

In the same study, for instance, Arkose found that 9% of login attempts on financial services sites are by fraudsters, often trying the usernames and passwords that people far too often reuse on multiple sites. “People have done just a horrible job of protecting themselves online,” says Gosschalk.

比如在該研究中，Arkose發現金融服務網站上有9%的登入嘗試都是詐騙人員進行的，通常都是在嘗試人們在多個網站上頻繁使用的使用者名稱和密碼。Gosschalk說：“人們在網上的自我保護做得可真不怎麼樣。”