NCSAM: Protect IT – Social Media Bots

Social Media Bot programs are common and adaptable to various social media platforms across multiple venues and areas of interest. Social Media Bot usage continues to increase on various social media platforms within the United States. As Social Media Bots increase in usage and utility, malicious behavior via Social Media Bots is also likely to increase. Recent elections in 2016 and 2017, in the United States, United Kingdom, France, and Germany, have drawn a spotlight on the nefarious activity of Social Media Bots.

What can you do PROTECT yourself Social Media Bots?

Look out for these common attack methods:

  • Click Farming or Like Farming inflate fame or popularity on a website through liking or reposting of content via Click Farms, which provide fake user accounts (typically semi-automated social Media Bots) and management of the Social Media Bots (e.g., bot herder) for purchase.
  • Hashtag Highjacking use hashtags to focus an attack (e.g., spam, malicious links) on a specific audience using the same hashtag.
  • Repost Storm use a parent Social Media Bot account, or martyr Social Media Bot, to initiate an attack by reposting something, which an associated group of Social Media Bots (aka botnet) instantly reposts.
  • Sleeper Bots remain dormant for long periods of time, wake up to launch their attack of thousands of posts or retweets in a short period of time (perhaps as a Retweet Storm, or spam attack), then return to a dormant state.
  • Trend Jacking and Watering Hole Attack use top trending topics to focus on an intended audience for targeting purposes.

What types of Social Media Bots are out there?:

  • Automated Social Media Bots allow the user to establish a set of parameters using programming language within an application or program (e.g., retweet a specific hashtag every time it is posted, but not when the bot itself retweets it), which the Social Media Bot then executes without human interaction.
  • Semi-automated Social Media Bots allow a user to program a set of parameters, but may have or require additional user interaction or a greater degree of management. These types of Social Media Bots are typically fake accounts with fake personalities and are run at least partially by humans or click farms, rather than programming language.

Social Media Bots are becoming more prevalent and better at mimicking human behavior on social media platforms. As of 2017, technology companies are seeking investments and further incorporation of Social Media Bots into social media services and platforms, expanding "future digital communication" to provide a myriad of services as automated assistants. As Social Media Bots gain a greater foothold in social media and daily life, the potential uses, for good and malicious purposes, are ever expanding.

Click here to download the information above as a PDF.

If you have any questions about cybersecurity or want to learn more about how to stay safe online, please contact University of Miami's Information Security Office (ISO) at:

Click here or on the image below to download UMIT's 2019 NCSAM flyer:

Feel free to print this flyer and share it with your colleagues/peers!