TECH
07/02/2015 03:21 pm ET Updated Dec 06, 2017

Millions Of Instagram Users Are Just Spambots

Here's how to tell which of your followers are fake.

If you’re jealous of Kim Kardashian’s 37.8 million Instagram followers, don’t be. Many of them are probably fake.

On June 21, a group of security researchers released a study showing that up to 24 million Instagram accounts could be spambots created in online black markets.

These bots are fake accounts that interact with other users. Businesses or celebrities often pay money for phony accounts to increase their social media prestige, but even people who don't purchase followers might find a host of spammers bloating up their follower list. Fortunately, it's not too hard to figure out which accounts are fake.

The researchers, who will publish their work online next week, examined over 10 million Instagram accounts and found that 29.9 percent of them were inactive -- meaning they only ever posted once at the most -- and 7.9 percent behaved like spambots. (For reference, Instagram had 300 million monthly active users as of December 2014, meaning the researchers looked at a very tiny slice of the overall app.)

To determine what spambot behavior is, the researchers purchased the services of 20,000 bots from 10 different online vendors and monitored their activities over a month. They found that each spambot tends to upload an average of six media posts and have a follower-to-following ratio of 1:41. Real Instagrammers, on the other hand, tend to upload an average of 55 media posts and have a follower-to-following ratio of 1:1.

instagram spam
Here's a profile the researchers say is controlled by a spambot. At first glance it might pass for a real person, but it seems less legit once you take into account that is has only nine posts and 258 followers, versus the 6,479 accounts it's following. (Image credit: Andrea Stroppa)

Fake accounts can be bought and sold online at various prices, depending what kind of engagement -- "likes," follows, comments -- the customer wants.

“We tend to associate a person’s popularity with the volume of his or her followers or ‘likes’ received on post and photos,” the study said, noting also that spam account vendors compete with one another to attract "customers eager [to] become super-popular in the social media universe."

instagram spammers
This account is a more obvious spambot. It hasn't posted any photos or videos, yet it has 144 followers and is following 4,085 accounts. (Image credit: Andrea Stroppa)

Instagram's terms of use prohibit people from buying or exchanging followers, and the app regularly makes automatic and manual sweeps to locate and block spambots, a company spokesperson told The Huffington Post. But despite its best efforts, spambots haven't gone away.

In December of 2014, Instagram conducted a purge of inactive and spammy accounts, causing some users, including celebrities such as Justin Bieber and Kim Kardashian, to lose millions of followers overnight.

instagram spambots
An example of an online Instagram spambot black marketplace, where fake followers are bought and sold. (Image credit: Andrea Stroppa)

But spammers aren't just looking for celebrities. If you’ve never bought Instagram followers, you could still wind up with a bunch of fake followers.

“Some software used by spambot creators have an option that allows bots to automatically follow people based on #hashtag,” lead researcher Andrea Stroppa, who also blogs for Huffington Post Italia and the World Economic Forum, told The Huffington Post via email. “Someone that manages bots can decide to follow all people that uploaded picture using the hashtag #Football.”

The comforting news is that by following your account, spambots won't explicitly take or compromise your data. However, if you happen to visit a spambot profile, don't click on the links it posts -- they may lead to malicious websites or apps, Stroppa noted. If you happen to have bought spambot accounts, Stroppa says you run the risk of "reputation damage" if your real followers find out.

There's a silver lining, though: It's pretty easy for us laypeople to detect spambots. According to Stroppa, you can simply dig around in your follower list -- and if some of them have almost no photo uploads or followers, yet are following over 1,000 accounts, you can assume that they're bots.

The simplest way to avoid spambots from following your accounts, for now, is to make your Instagram account private. (Someone out there could be selling your public Instagram photos for their own gain, after all.)

CONVERSATIONS