The present invention generally relates to computing devices and, more particularly, to a system and method for detecting compromised social media accounts by analyzing affinity groups.
Hacking social media accounts, where an unauthorized user compromises (e.g., obtains control of) a social media account that is owned by another user, is increasingly common. Hacked social media accounts are often used to distribute malicious content. For example, hacked social media accounts may be used to publish malicious content (or links thereto) such as phishing websites (e.g., websites that falsely purport to be from reputable companies and that are designed to induce visitors to reveal personal information) or malware (e.g., virus-infected files). Hacked social media accounts may also be used to publish other types of malicious content designed to steal a user's personal or financial information, steal corporate secrets, damage a computing device, and/or damage a user's files on a computing device. Additionally, hacked social media accounts may be used to publish content (or links thereto) that is fraudulent (e.g., false advertising) or libelous.
Various approaches have been used to detect compromised social media accounts, including historical analysis and content analysis. In the historical analysis approach, new content posted by a social media account is correlated with content previously posted by that social media account. If there is not sufficient correlation between the new content and the previously posted content, the social media account may be identified as a potentially compromised account. In the content analysis approach, postings by a social media account are classified based upon a type or nature of the posted content. If the posted content is determined to meet predetermined criteria, the social media account may be identified as a potentially compromised account.