Misinformation and disinformation are more prevalent than ever on the internet, and social media in particular. And it isn’t always easy to tell when you are being presented with this false information at a glance, especially from social media like Twitter. The sheer volume of posts and accounts on Twitter has made it one of the biggest sources of this problem.
Even to those of us in the security profession the tools to detect these malicious accounts can be arcane, scattered, or expensive. It can be time consuming and complicated to process to check the validity of a given suspicious profile. This problem only compounds for the average user, with less knowledge of the field. For them, these kinds of checks can be extremely difficult, to say the least.
Knowing this, we set out to make this process a little easier. For everyone, but especially for the average consumer. After all, the information is out there already, so our goal was to reduce the friction inherent in the current process. Our project, Scam-or-Not, aims to combine several different checks and searches into one easy search. By giving us a URL or a twitter profile we will take it and automatically give back a rating for how likely that input is to be a scam.
Our system is especially powerful with Twitter accounts. We look at not only the account “headlines”, but also perform analysis on the content and links used in tweets by the profile. In essence, we go one step deeper to look at what they are posting as well as how they act. This analysis combines checks in our own databases of known good and bad URLs, anti-bot analysis, content tone analysis, and more to give a much more holistic score at the end.