Business Security Intelligence Issue 20 | A reading event that attracted a large number of wool party abusers

A new media mini program launched a reading activity with prizes, attracting a large number of users. The activity lets users earn red envelope rewards by completing tasks that involve reading posts, and the rewards can be withdrawn directly as cash. However, the activity was soon targeted by the black and gray market, and legitimate users were unable to receive their benefits.


Background

Reading the news to receive red envelopes is nothing new. On September 15, 2018, Qutoutiao, known as a new-generation content and information app, was listed on Nasdaq on the back of its slogan "watching information and earning pocket money".

At that time, Qutoutiao offered two ways of "making money". The first was a reading timer in the lower right corner of Qutoutiao's content pages, which rewarded users according to their browsing time. The rewards were mainly paid out as gold coins. The second was that users could ask friends or recommenders for invitation codes or mobile phone numbers and receive gold coin rewards. If the invitee registered for Qutoutiao, part of the invitee's reading income was also passed back to the inviter. These gold coins could eventually be exchanged for cash, at a rate of 10,000 gold coins for 1 yuan.

This method of promotion through social fission is well known among Internet practitioners and has become a standard way for countless new media services to promote themselves online and expand their reach.


The campaign to attract new members attracted the Wool Party

According to intelligence monitoring by the Dingxiang Defense Cloud Business Security Intelligence Center (BSI-2023-ugwf), a new media mini program launched a "read, check in and receive red envelopes" activity in order to increase its number of users, raise user activity and encourage users to share the activity so that it spreads further through social fission. The activity has multiple award levels. For example, users who check in for 7 consecutive days can receive a cash red envelope of 2.8-18 yuan, and users who check in for 14 consecutive days can receive a reward of 20-50 yuan.

However, the activity ran into a problem. Malicious users registered a large number of fake accounts and controlled them in batches to log in and claim red envelopes. As a result, a large number of red envelopes were taken maliciously, normal users were unable to obtain the rewards they deserved, and promotion funds were wasted.

This black and gray market behavior brings serious risks and harm to both the new media platform and its users.

Waste of funds and reduced effectiveness: The new media platform's promotion funds are taken by the wool party, so investment no longer matches results, costs rise and returns fall. The promotion fees the platform pays do not achieve the expected returns, which has a negative impact on its operational strategy and financial position.

Cost and image damage: Because malicious users register a large number of fake accounts and manipulate logins to claim red envelopes, the new media platform not only loses a large amount of promotion funds but also fails to deliver the benefits to its users. This increases operating costs and damages the platform's image and credibility.

Damage to the interests of normal users: Because of the black and gray market activity, normal users cannot obtain the rewards they deserve. This not only costs the platform its users' trust, but may also lead to user churn, with users no longer taking part in subsequent activities.

Reduced security and credibility: Malicious users register and log in through a large number of fake accounts, posing a threat to the security of new media. This may lead to problems such as misuse of user data and privacy leaks. At the same time, as the benefits of the activity are undermined, users may question the credibility of the new media and no longer believe in similar activities, which will have a negative impact on long-term development.

In short, the new media mini program's read-and-check-in red envelope activity suffered cost and image damage, harm to the interests of normal users, reduced security and credibility, wasted funds and reduced effectiveness. New media platforms need to strengthen the identification and prevention of malicious account registration and manipulated logins, while improving the security and credibility of their activities, in order to protect user interests and the long-term development of the platform.


Analysis of risk characteristics of the wool party

According to monitoring data from the Dingxiang Defense Cloud Business Security Intelligence Center, the number of new users logging into this new media mini program increased dramatically from its second week of operation, and the share of user requests identified as risky reached 72%. The daily trend chart shows that the requests are clustered, mainly between 16:00 and 17:00 in the afternoon, and that each burst of abnormal traffic lasts about 20 minutes.

Combined with online statistical data analysis, the following characteristics and processes of attack risks and threats can be drawn:

Concentrated first login time: Attackers register a large number of new users through fake accounts and log in during a specific time period. These fake accounts check in immediately after registration and keep checking in every day without interruption. This behavior leads the new media platform to mistake them for real active users and reward them.

Short interval between logging in and reading and checking in: The time between a fake account logging in and completing the read-and-check-in task is extremely short, almost always within seconds. This may indicate the use of automated scripts or malware to claim rewards quickly. Additionally, attackers switch between different devices and IP addresses to mask their true identity.

Multiple accounts associated with the same device: Attackers may use certain means to enable the same device to be associated with multiple fake accounts. This behavior makes it difficult for new media to accurately identify and distinguish real users from fake users.

Abnormal IP address associated with the account: Attackers may use proxy tools or other technical means to allow fake accounts to operate under different IP addresses. Such abnormal IP address association will make it more difficult for the platform to judge the authenticity of users.

The attack process can be summarized as follows: the attacker registers a large number of new users through fake accounts, then logs in and checks in with them in bulk during a specific time period to obtain rewards. They log in and check in rapidly, switch devices and IP addresses at the same time, and associate multiple fake accounts with one another, which makes it harder for the platform to tell real users from fake ones. This malicious behavior not only raises the operating costs of new media platforms and damages their image, but also threatens user interests and security. New media platforms need to strengthen their security policies for user registration and login, use multiple means of identity verification, and identify and prevent such attacks.
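
The four characteristics above can be expressed as rules over login and check-in records and combined into a per-account score. The following Python example is added here and is not code from Dingxiang or the original article; the record layout, thresholds, rule names and sample sessions are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions tuned to the constructed sample, not values from the article.
BURST_WINDOW = timedelta(minutes=20)  # the article reports bursts of about 20 minutes
BURST_MIN_ACCOUNTS = 3                # first logins falling inside one window
FAST_CHECKIN_SECONDS = 5              # login-to-check-in "within seconds"
MAX_ACCOUNTS_PER_DEVICE = MAX_IPS_PER_ACCOUNT = 2

def score_accounts(sessions):
    """sessions: (account, device, ip, login, checkin) tuples -> {account: fired rules}."""
    first_login, ips, devices = {}, defaultdict(set), defaultdict(set)
    hits = defaultdict(set)
    for acct, dev, ip, login, checkin in sessions:
        first_login[acct] = min(login, first_login.get(acct, login))
        ips[acct].add(ip)
        devices[dev].add(acct)
        if (checkin - login).total_seconds() <= FAST_CHECKIN_SECONDS:
            hits[acct].add("fast_checkin")
    # Concentrated first login: many new accounts inside one sliding window.
    ordered = sorted(first_login.items(), key=lambda kv: kv[1])
    for i, (_, start) in enumerate(ordered):
        group = [a for a, t in ordered[i:] if t - start <= BURST_WINDOW]
        if len(group) >= BURST_MIN_ACCOUNTS:
            for a in group:
                hits[a].add("burst_first_login")
    for accts in devices.values():  # multiple accounts on the same device
        if len(accts) > MAX_ACCOUNTS_PER_DEVICE:
            for a in accts:
                hits[a].add("shared_device")
    for acct, seen in ips.items():  # one account operating from many IP addresses
        if len(seen) > MAX_IPS_PER_ACCOUNT:
            hits[acct].add("many_ips")
    return {a: hits[a] for a in first_login}

def flag(sessions, min_rules=2):  # accounts matching at least min_rules characteristics
    return sorted(a for a, h in score_accounts(sessions).items() if len(h) >= min_rules)

def _s(acct, dev, ip, day, hhmm, delay):  # helper that builds one constructed session
    login = datetime.strptime(f"2023-08-{day:02d} {hhmm}", "%Y-%m-%d %H:%M")
    return (acct, dev, ip, login, login + timedelta(seconds=delay))

SAMPLE = [  # constructed sessions; IP addresses come from documentation ranges
    _s("bot1", "devA", "203.0.113.5", 7, "16:02", 2), _s("bot1", "devA", "198.51.100.9", 8, "16:03", 1),
    _s("bot1", "devA", "192.0.2.44", 9, "16:01", 2), _s("bot2", "devA", "203.0.113.5", 7, "16:04", 1),
    _s("bot3", "devA", "203.0.113.6", 7, "16:07", 3), _s("bot4", "devB", "203.0.113.7", 7, "16:10", 2),
    _s("alice", "devC", "192.0.2.10", 7, "09:15", 240), _s("bob", "devD", "192.0.2.11", 7, "20:40", 90),
]
```

Requiring at least two rules before flagging keeps a single weak signal, such as a household sharing one device, from blocking a real user.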


Some useful prevention and control measures

New media need to be more cautious and thoughtful in event design and technical precautions to ensure that users can truly receive benefits and improve the overall user experience. In solving this problem, technical analysis is particularly important. Security policies for user registration and login should be strengthened and multiple means should be used for identity verification to prevent the registration and manipulation of false accounts. In addition, establishing a complete data analysis system can help the platform detect abnormal operations and abnormal traffic in a timely manner, and then take corresponding measures. The application of advanced anti-cheating technology and user behavior analysis algorithms can also help the platform quickly identify malicious behaviors and take countermeasures in a timely manner.

Identify and alert on risky IP addresses. Integrate an IP risk database to perform risk matching on the IPs associated with users, identify proxy and dial-up IP risks, and intercept malicious IP addresses.

Identify and warn about risky devices. Identify whether the client's device fingerprint is legitimate and whether risks such as injection, hooking and emulators are present, and quickly identify risks such as flashing, rooting, jailbreaking and hijacking injection. Quickly identify multiple activations of the same device, abnormal IP behavior associated with the same device, a large number of requests aggregated on the same IP in a short period of time, an abnormal proportion of old device models in the same channel, an abnormal proportion of old operating systems in the same channel, and so on.

Identify and block risky accounts. Check the verification environment information and token when verification is completed, and detect anomalies and risky operations promptly. Detect abnormal account behavior. Deploy control strategies based on user behavior, and apply controls to devices that switch among a large number of accounts to initiate orders.

Analyze and predict future changes in risk behavior. Establish a dynamic operation and maintenance mechanism for local lists. Based on registration data, login data and activation data, accumulate and maintain the corresponding blacklist and whitelist data, including blacklists by user ID, mobile phone number, device and other dimensions. Once a certain amount of online data has been accumulated, registration, login, ordering and rush-buying behaviors can be modeled using risk control data and accumulated business data. The output of the model can be used directly in the risk control strategy.

Relying on red envelope rewards and incentive mechanisms alone to attract users is not a long-term solution. High-quality content is still the core of attracting users. If an information platform has no high-quality content behind it and relies only on the reward mechanism to get users to spread and share, users will focus only on making money instead of actually reading and engaging with the content. As a result, the operating costs of new media platforms will increase significantly, while users' real attention to and engagement with the content may fall sharply.


Origin blog.csdn.net/dingxiangtech/article/details/132324769