I. Introduction
To understand how spammer users operate in the Twitter community, it is useful to recall the social network behavior. Users communicate through short “tweets” (140 characters max), that can be viewed by the users' followers and retrieved or “re-tweeted”. Two types of friends exist in Twitter: “followers” and “following”. A follower of user ‘Alice’ is any user ‘Bob’ who agrees to receive Alice's tweets. Conversely, a following of Alice is a user who is followed by Alice. These relationships are not reciprocal: albeit Alice follows Bob, Bob may not be a follower of Alice. As opposed to other Social Networks, Alice can post tweets on Bob's page without permission, since Alice does not have to be one of Bob's followers to post tweets on Bob's profile. Because of this mechanism, spammers can flood a user's page with malicious messages without permission. Likewise, a cybercriminal can post malicious links on his/her followers' profile, in order to direct them to phishing pages or to spread malware. The major problems in Twitter are the possibility to automatically receive following accounts' updates, and the possibility to write on followers' profile pages without followed in turn.