There’s been a lot of spam lately, but it seems we can only flag individual posts, not the user itself.
For example: VIJAY71828’s profile.
Are accounts like this eventually blocked or deleted? Also, what third-party sign-in methods do these spammers typically use?
Yes, I would also agree that it is becoming more, more subtle and also more sophisticated. At the beginning it is still a normal post and the SPAM link only comes in the 3rd or 4th post of the same user.
That depends on what the admin decides. Personally, I usually delete the users immediately. I have no hope that a user who registered on the same day, has not yet made a single change on osm.org and starts directly with a SPAM posting will eventually come to his senses and still wants to contribute normally. I doubt it!
As far as I know, you inevitably need a user on osm.org – there is no other registration option in the forum. Correct me if I’m wrong.
Example: VIJAY71828 | OpenStreetMap
The user was created on the same day he appeared here and has not made a single edit. I can delete him here in the forum, see https://community.openstreetmap.org/u/VIJAY71828/summary
But in osm.org he is still counted as a registered user.
At osm.org, however, you can sign up with an email address, OpenID, Google, Facebook, Microsoft, GitHub or Wikipedia.
It would be interesting to know which method these spammers tend to use, but as a forum moderator, I have no insight into that.
There was already a lengthy discussion on this topic in the moderators’ room in November 2024. At the time, it was determined that not all options to combat spam had been exhausted in this Discourse instance. Currently, we moderators can only block IP addresses, but not set email-only addresses or even domain wildcards, for example.
We also can’t set which URLs in the posting itself should trigger the automatic block. The blacklist function is there, but not activated for us.
The Discourse plugin ‘Akismet’ was also discussed, which is used to combat spam. However, due to the problems with Wordpress in general, this was not recommended.
Mammi and I check over 300 spam reports per year. The response time is currently 13 minutes on average. You can imagine the time involved 
If I use the Web Search again, Akismet seems to be the only solution, but that’s not my instance and, for one thing, I can’t decide that for myself and, for another, I can’t install it myself anyway.
It is also possible to add domains or keywords to a blacklist, but this function has not been activated for us: How to prevent registration spam - Support - Discourse Meta
I’m with you. Kick 'em immediately.
Me personally, I also directly file a report to the DWG or simply go find the profile in question at osm.org and report it there.