I did a similar investigation into a couple of fake profiles that are also on LinkedIn and some customers of ours got spammed by them. Turns out there's a company with a facade called "whitehallmedia dot co dot uk" and they are hugely involved in the spam game.<p>They seem to have actual people that contact accounts/leads and their contexts from somewhere in India, and those people share spam accounts. Initially they try to sell you some tickets to an analytics and cyber security conference, but then they try to contact C-staff as soon as you start reacting.<p>The C-staff members then get trapped into the selling and audit game, so they offer free pentests / IT audits and "cyber security software" that can fix the problems (duh).<p>I created a honeypot with a fake domain and a fake company that doesn't exist, with emails that cannot be guessed blindly and with an email server that doesn't list its account names (and account names are neither brute-forceable nor guessable). Zero links on the internet, domain isn't even google-able.<p>Once I trapped them with private LinkedIn profiles and the people of whitehall media contacted the fake accounts, the spam arrived in masses. I'm not talking about 10 or 20 a day but in the thousands per day. And their network of hosts that they operate is _huge_.<p>My current guess is that they abuse administrative access to their customers' servers (the analytics/cybersecurity/IT-security forefront) to install their malware and send spam on their customers' behalf without them even knowing about it. We contacted our customers afterwards and asked all others whether or not they had contact with them, and if so, that they start to double-check on their server infrastructure because it was very likely that they got infiltrated.
It seems to me like spammers like the one behind this put enough effort into it that they could probably make more from legitimate activity. It's like there's a "scam premium", where some people pay extra (or work extra for free) just to feel they're outsmarting people.
A ton of automated attacks happen in the logs as well - constant barrage of bots looking for crypto wallets and doing POST requests to index, registration URLs, WordPress registration and admin paths, any vulnerable middle layer standard URLs as well.
What process do you have to stop this spammer signing up again? It sounds like you already have some automation, but in this case it got flagged for manual review.
Running a consumer site that has plenty of user generated outgoing links but doesn’t give any exposure to new accounts I’ve seen a lot of different spam tactics as well. The one thing that has worked reliably is building a repository of bad IPs or potentially domains that are doing the spamming and blocking those. I wonder if a central repository of bad actors with this type of activity can be made for multiple UGC platforms to share. Wouldn’t be surprised if Akismet and other spam blockers already surface those. Bonus points if each entry provides details on the kind of attack vector used by each spammer and the sites that add to the list are also vetted/penalized for bad entries. Plus entries have a way of appealing if needed. Multiple layers of accountability built in. Unique IDs won’t work - too dangerous and likely to be abused by advertisers or centralized entities trying to track individuals.
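An added example, not part of any comment in this thread: one way to turn the bot probes described above (wallet scans, WordPress registration/admin paths, POSTs to the index) into a blocklist of IPs that records the attack vector seen for each. The log lines are constructed, the IPs come from documentation ranges, and the signature list and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined log format); not taken from any real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /wallet.dat HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php?action=register HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "curl/8.0"
198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:01:05 +0000] "POST /register HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:02:00 +0000] "POST / HTTP/1.1" 405 0 "-" "python-requests/2.31"
192.0.2.9 - - [10/Mar/2024:10:02:01 +0000] "POST /index.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
not a log line
"""

# Captures client IP, method, request path and status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Assumed probe signatures: (vector label, required method or None, path regex).
# Tune these to the site: a real "/wallet" feature would need an exclusion.
SIGNATURES = [
    ("wallet-scan", None, re.compile(r"wallet", re.I)),
    ("wordpress-probe", None, re.compile(r"^/(wp-login\.php|wp-admin|wp-signup\.php)")),
    ("post-to-index", "POST", re.compile(r"^/(index\.\w+)?$")),
]

def classify(method, path):
    """Return the vector label for a request, or None if it matches no signature."""
    for label, want_method, pattern in SIGNATURES:
        if want_method in (None, method) and pattern.search(path):
            return label
    return None

def build_blocklist(log_text, threshold=2):
    """Map each IP with at least `threshold` probe hits to its per-vector hit counts."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, method, path, _status = m.groups()
        label = classify(method, path)
        if label:
            hits[ip][label] += 1
    return {ip: dict(v) for ip, v in hits.items() if sum(v.values()) >= threshold}

if __name__ == "__main__":
    for ip, vectors in build_blocklist(SAMPLE_LOG).items():
        print(ip, vectors)
```

The threshold keeps a single stray request from listing an IP, and the per-vector counts are the kind of detail a shared list would need to let an entry be reviewed or appealed.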
My favorite technique (in terms of "how the heck did they think of that") is Google Analytics referral spam. Spammers use bots to generate visits to your website, coming from a site they own that sells something. You (a website owner) see a referrer you don't recognize sending you traffic so you go see what it is. I fell for it a few years back (granted it was obvious when I visited the "referring" site that it was spam).<p>It doesn't seem scalable but I guess if you're targeting website owners and able to automate this at huge scale it prob has some success?
Honestly it seems like spam account creation/SEO blackhatting has not changed in 20 years.<p>Surprised, actually.<p>I used to create and sell similar "linkwheels" as we called them back in the day.<p>...Sorry!
Spam can be mitigated by charging money for usage. Sadly, we've got this precedent where everything on the internet either needs to be free or freemium.
I am now under the impression that we have two solutions for spam and robocalls. Make people link some real ID to accounts, or treat spammers and robocallers like terrorists. I personally prefer the 2nd option. Once spammers fear for their lives, they will stop.