Identity Theft in Blog Comment Spam

Sheesh! 😡

It looks like that the blog comment spammers are doing  more extensive social engineering.

Their new M.O.: blog comment spammers use names of people who comment frequently in the blog and try to appear as those people. (This seems to happen only in WordPress, as my other blogs have yet to experience this attack.)

The blogger, who would conviently use the comment moderation facility in the WordPress dashboard,  would approve the comment thinking that the commenter is someone who as engaged him/her in a past online conversation in the past. What the blogger doesn’t know is that the commenter is actually a spammer.

In my case, for the last couple of weeks, this went unnoticed– I relied on the comment moderation dashboard but then I was unwittingly approving spam from “Ia” “Eugene,” and “Tess Termulo.” It was hard to discern because the comments looked like real comments!

What raised my alarm is the sudden “enthusiasm” of my blogger friends in commenting in my blog. When I investigated at the detailed comments page in WordPress, I was surprised as the URL’s and emails of the commenters were obviously spammy.

Spammers are becoming craftier and the comments don’t look that intelligible (as they would be caught by Akismet). So I suggest bloggers to be more vigilant in filtering spam and use the detailed comments page in WordPress to avoid these attacks.