Dating back to last year, Symantec has been following a trend involving adult webcam spam on social networks, dating applications, and photo sharing applications. Our research found that no matter which platform it was found on, most adult webcam spam shared a common thread: it led users to a mobile messaging service called Kik.
What is Kik?
Kik is an instant messaging service available for all smartphone platforms. The service has more than 100 million users and is extremely popular with teenagers.
A recent history of adult webcam spam
The first cross advertising for Kik spam made its way to Twitter towards the end of summer 2013. Spam bots would target specific keywords and send a reply when one was found. For instance, tweets with the word “horny” would be met with a response from a spam bot, posing as a female, containing the word “horny.” The message would ask the user to reply back using Kik Messenger.
Figure 1. Twitter spam bot directs users to Kik Messenger
Symantec first discovered Tinder spam back in July 2013. Spam accounts on the popular dating application were using bots that worked natively within Tinder to push adult webcam spam. After a few months, the bots were reprogrammed to direct users to Kik Messenger with the promise of sexting (sending sexually explicit text messages and pictures).
Figure 2. Tinder spam bot directs users to Kik Messenger
In late November 2013, Symantec discovered that Snapchat users were being inundated with snaps and friend requests from spam bots featuring nude photographs with the message “Add me on KIK for nudes swap.” Over the next few months, users continued to receive spam snaps on Snapchat featuring photographs of attractive women, encouraging users to add them on Kik.
Figure 3. Snapchat spam bots direct users to Kik Messenger
Over the last few months, Kik users have also been targeted by spam bots. Since many users tend to share their Kik user names publicly on various social networks, spammers have been able to harvest them, allowing them to directly engage users on the messaging service.
Figure 4. Kik spam bots target users natively in the application
Why Kik Messenger?
There are a number of reasons why this particular spam activity leads users to Kik Messenger. For instance, Twitter and Tinder have made efforts to limit the impact of spam by monitoring for suspicious links. Prior to Snapchat adding native chat functionality, there was no way to converse within the application. Spammers using these social networks had to find a way around these limitations and this, in part, is the reason why Kik Messenger has been the preferred application for adult webcam spam.
Figure 5. Kik Messenger inundated with spam bots
What drives the push towards webcam spam?
Figure 6. Kik spam links to a branded webcam site
Traditional survey scams we have seen over the last few years have run their course. Based on the uptick in adult webcam spam, we believe this type of spam is now one of the more popular choices when it comes to monetization. There are a number of legitimate webcam sites that use affiliate programs to drive traffic to their services. Some of these affiliate programs pay affiliates simply for leads, while the real payoff comes when a lead is converted into a successful sign-up.
Figure 7. Sign-up page for a Kik-branded webcam site
Remember, it’s always a good idea to read the fine print. In the example shown in Figure 7, users will be charged US$1.87 for a three-day trial but if they fail to cancel before the trial is over, their credit or debit cards will be charged US$49.95 each month until the trial is cancelled.
How to deal with spam on Kik
Prior to a recent update, users would receive unsolicited chat messages from spam bots regularly. In the latest update, Kik has now opted users into a feature called “Notify for New People” which hides messages from new people that you have never chatted with.
Figure 8. Notify for New People feature in Kik hides chat messages from new people
While this update moves messages from spam bots away from your default chat view, the messages will still be received.
Figure 9. New feature to ignore spam bots on Kik
From this new chat view, you can either start chatting or ignore the messages. By clicking ignore, you are presented with three options: delete, block, or report as spam. We strongly suggest you report these bots back to Kik as spam to help remove them from the service.
A good rule of thumb, when it comes to social networks and dating sites, is to be extra cautious when you receive unsolicited messages, especially from “girls” that talk about going on webcam for you or ask you to send them explicit photographs of yourself. Realistically, you are likely interacting with a spam bot that is going through a scripted conversation that will lead to an adult webcam site.