Fake accounts are a preferred means for malicious users of online social networks to send spam, commit fraud, or otherwise abuse the system. In order to scale, a single malicious actor may create dozens to thousands of fake accounts; however, any individual fake account may appear to be legitimate on first inspection, for example by having a real-sounding name or a believable profile.
In this talk we will describe LinkedIn’s approach to finding and acting on clusters of fake accounts. We divide our approach into two parts: clustering, i.e., assembling groups of accounts that share one or more characteristics; and scoring, i.e., classifying each cluster into benign or malicious. We will describe different scoring mechanisms, propose some general classes of features used to score, and show how our modular approach allows us to scale to handle many different types of fake account clusters. We will also discuss tradeoffs between offline and online implementation of the algorithms.