新數據：53%的賬號登錄都是盜號嘗試

“Bot” has become a household word, thanks to the many fraud and disinformation campaigns using fake, automated social media accounts to post or “like” bogus information.

“Bot”成了家喻戶曉的詞，因爲有很多欺詐和虛假信息行爲都使用僞造的自動社交媒體帳號發佈虛假信息或爲虛假信息“點贊”。

But with social media companies like Facebook and Twitter trying to crack down on fake accounts, scammers are turning to real people—or rather, hijacked accounts of real people—to get the message out.

但因爲Facebook和推特等社交媒體公司都在打擊虛假賬號，騙子就盯上了真人，或者更確切地說是盜取真人的賬戶來傳播信息。

According to a new report by Arkose Labs, a fraud and abuse prevention firm, 53% of login attempts on social media accounts are automated break-in efforts by fraudsters.

防止欺詐和濫用的公司Arkose實驗室新發表的報告稱，53%的社交網站賬號的登錄嘗試都是詐騙者的自動闖入行爲。

Programs like Sentry MBA quickly run through millions of username and password combinations, culled from the endless stream of data breaches that are part of modern life.

Sentry MBA等程序能快速運行數百萬用戶名和密碼組合，從現代生活中源源不斷的數據泄露中進行篩選。

“If that [hacked] user’s been on the platform for a couple of years, [the social media company] is much less likely to take action against them than they are against a brand-new, freshly created account,” says Kevin Gosschalk, CEO of Arkose Labs.

Arkose實驗室首席執行官Kevin Gosschalk說：“如果被黑的用戶使用某個社交平臺幾年了，那該社交媒體公司對其採取措施的可能性就比新創建的用戶要低。”

Scammers still create fake accounts, though: Arkose reports that 25% of all new social media account applications are fraudulent.

然而詐騙者仍然會創建假賬號：Arkose的報告稱社交媒體新賬號的申請中有25%是進行欺詐的。

Some account takeovers are for misinformation; others are for money, often with sex as an enticement, says Gosschalk. Posing as the owners of real, compromised accounts, chatbots start flirting with people on social media, even flashing nude videos.

Gosschalk說一些盜號行爲是爲了傳播虛假信息，其他的則是爲了騙錢，而且通常以性爲誘餌。聊天機器人冒充真實的賬號被盜的用戶，開始和社交媒體上的人調情，甚至發送裸體視頻。

If the target wants to continue the encounter, the bot says, they need to sign up for a (bogus) dating site—at which point they’d have to enter credit card details for scammers to exploit.

如果對方想要繼續交往，機器人會說他們需要在一個（虛假的）交友網站上註冊，到時候就需要輸入信用卡信息，就會被騙子利用。

Crooks also use social media to test whether leaked logins might work other places, such as banking sites. “They do a lot of account validation attacks just to see if this particular account exists,” says Vanita Pandey, Arkose’s VP of marketing. “If it does, they . . . go and use that [login] on other websites, as well.”

騙子也會利用社交媒體測試被泄漏的登錄信息是否在其他地方也能用，比如銀行網站。Arkose的市場營銷副總裁Vanita Pandey說：“他們會多次嘗試帳戶驗證，就想看看這個賬戶是否存在，如果存在，他們……就會去其他網站上試用這個‘登錄信息’”。

In the same study, for instance, Arkose found that 9% of login attempts on financial services sites are by fraudsters, often trying the usernames and passwords that people far too often reuse on multiple sites. “People have done just a horrible job of protecting themselves online,” says Gosschalk.

比如在該研究中，Arkose發現金融服務網站上有9%的登錄嘗試都是詐騙人員進行的，通常都是在嘗試人們在多個網站上頻繁使用的用戶名和密碼。Gosschalk說：“人們在網上的自我保護做得可真不怎麼樣。”