新数据：53%的账号登录都是盗号尝试

“Bot” has become a household word, thanks to the many fraud and disinformation campaigns using fake, automated social media accounts to post or “like” bogus information.

“Bot”成了家喻户晓的词，因为有很多欺诈和虚假信息行为都使用伪造的自动社交媒体帐号发布虚假信息或为虚假信息“点赞”。

But with social media companies like Facebook and Twitter trying to crack down on fake accounts, scammers are turning to real people—or rather, hijacked accounts of real people—to get the message out.

但因为Facebook和推特等社交媒体公司都在打击虚假账号，骗子就盯上了真人，或者更确切地说是盗取真人的账户来传播信息。

According to a new report by Arkose Labs, a fraud and abuse prevention firm, 53% of login attempts on social media accounts are automated break-in efforts by fraudsters.

防止欺诈和滥用的公司Arkose实验室新发表的报告称，53%的社交网站账号的登录尝试都是诈骗者的自动闯入行为。

Programs like Sentry MBA quickly run through millions of username and password combinations, culled from the endless stream of data breaches that are part of modern life.

Sentry MBA等程序能快速运行数百万用户名和密码组合，从现代生活中源源不断的数据泄露中进行筛选。

“If that [hacked] user’s been on the platform for a couple of years, [the social media company] is much less likely to take action against them than they are against a brand-new, freshly created account,” says Kevin Gosschalk, CEO of Arkose Labs.

Arkose实验室首席执行官Kevin Gosschalk说：“如果被黑的用户使用某个社交平台几年了，那该社交媒体公司对其采取措施的可能性就比新创建的用户要低。”

Scammers still create fake accounts, though: Arkose reports that 25% of all new social media account applications are fraudulent.

然而诈骗者仍然会创建假账号：Arkose的报告称社交媒体新账号的申请中有25%是进行欺诈的。

Some account takeovers are for misinformation; others are for money, often with sex as an enticement, says Gosschalk. Posing as the owners of real, compromised accounts, chatbots start flirting with people on social media, even flashing nude videos.

Gosschalk说一些盗号行为是为了传播虚假信息，其他的则是为了骗钱，而且通常以性为诱饵。聊天机器人冒充真实的账号被盗的用户，开始和社交媒体上的人调情，甚至发送裸体视频。

If the target wants to continue the encounter, the bot says, they need to sign up for a (bogus) dating site—at which point they’d have to enter credit card details for scammers to exploit.

如果对方想要继续交往，机器人会说他们需要在一个（虚假的）交友网站上注册，到时候就需要输入信用卡信息，就会被骗子利用。

Crooks also use social media to test whether leaked logins might work other places, such as banking sites. “They do a lot of account validation attacks just to see if this particular account exists,” says Vanita Pandey, Arkose’s VP of marketing. “If it does, they . . . go and use that [login] on other websites, as well.”

骗子也会利用社交媒体测试被泄漏的登录信息是否在其他地方也能用，比如银行网站。Arkose的市场营销副总裁Vanita Pandey说：“他们会多次尝试帐户验证，就想看看这个账户是否存在，如果存在，他们……就会去其他网站上试用这个‘登录信息’”。

In the same study, for instance, Arkose found that 9% of login attempts on financial services sites are by fraudsters, often trying the usernames and passwords that people far too often reuse on multiple sites. “People have done just a horrible job of protecting themselves online,” says Gosschalk.

比如在该研究中，Arkose发现金融服务网站上有9%的登录尝试都是诈骗人员进行的，通常都是在尝试人们在多个网站上频繁使用的用户名和密码。Gosschalk说：“人们在网上的自我保护做得可真不怎么样。”