"They can make 1,000 to 10,000 percent profit on a campaign," said Don Jackson, a senior security researcher at Dell SecureWorks.
In fact, the scam artists have their activity down to a science. "The groups that run the botnets have studies to tell them how many successful Twitter accounts you need to successfully seed a new botnet," Jackson said.
Although still popular, social media attacks peaked with the Koobface worm in 2007 to 2008, said Mary Landesman, a senior security researcher with Cisco.
However, news events can cause a spike in activity. "An example of that occurred last week when malicious actors attempted to exploit interest in the Boston Marathon bombings and the fertilizer plant explosion in Texas," Landesman said.
"Many of these involved setting up fake charity 'scam' accounts on both Facebook and Twitter," she added.
Sign up for Computerworld eNewsletters.