Facebook Reveals the Sleazy Business of Fake ‘Likes’

Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Firearms, Weapons & Personal Safety, National security, Terrorism, Cyber Terrorism & Related Crimes, Social Media, Technology & Digital Security Comments Off

Sep 102012

Facebook Reveals the Sleazy Business of Fake ‘Likes’

WIRED Magazine
by Rayan Tate
August 31, 2012

Facebook might be one of the most uptight sites on the internet, requiring everyone to log in with their name and picture and birthday and to generally behave themselves like a nerd in study hall. Yet it still has a slimy underground where people do slimy things, the company conceded Friday. Facebook says it is removing fraudulently generated “likes,” which helped make some businesses on Facebook appear more popular than they really were.

In a post on its security blog, Facebook wrote that it “recently increased our automated efforts to remove [fake] Likes” on business pages. In other words, business pages were previously puffed up thanks to shady clicks from fake or hijacked Facebook accounts.

Facebook is dumping this news at a time when few people will read it, on a Friday before a holiday weekend. And no wonder: The implications are disturbing. Facebook’s advertising system is built on the idea that consumers will be willing to build closer relationships with advertisers, “liking” the advertiser’s pages, reading the advertiser’s status updates, and circulating content about the advertiser to friends. If an advertiser’s popularity is exaggerated by fake “likes,” it makes the business less trustworthy and less likely to be engaged by real consumers.

Similarly, legitimate advertisers need to be able to trust that Facebook is populated with real people engaging in real activities. If the social network becomes a haven of bots and fake clicks, no business will want to buy advertising, often billed on a per-click basis. At least one business has already claimed its Facebook advertising spend was squandered on bot clicks.

Facebook isn’t saying outright that businesses paid for fake clicks. But it is implying as much in today’s post, referring to “vendors” of fake likes and adding, “we do not and have never permitted the purchase or sale of Facebook Likes.” And there are signs of a veritable underground “like” economy. The ad group Conversation Agency, for example, told Business Insider its clients are losing large numbers of likes due to the crackdown and are in an uproar. (Facebook will only say that the typical Facebook page will only lose about 1 percent of its likes due to the crackdown, a fairly meaningless statistic because “likes” are not distributed evenly among pages; more popular pages could be seeing a much more pronounced decline.)

Facebook says the crackdown “will be a positive change for anyone using Facebook.” But that’s not true. Fraudsters are clearly using Facebook, too, hence all the fake “likes.” And they’ll be racing to thwart Facebook’s filters. Summer ends this weekend with a victory for Facebook’s “like” engineers. But the arms race has just begun.

Direct Link: http://www.wired.com/business/2012/08/facebook-reveals-the-sleazy-business-of-fake-likes/

Spam from ‘friends’ is actually result of Facebook hole

Sep 082012

Spam from ‘friends’ is actually result of Facebook hole

Facebook has fixed the problem and says spammers are using friend lists they scraped before the fix to send new e-mails.

C/Net News
by Slinor Mills
September 6, 2012

Are you getting spam that has a Facebook friend’s name listed as sender but was actually sent from an unknown e-mail address? Me too.

These are vestiges of an attack that exploited a misconfiguration on Facebook that was fixed last week, according to Facebook. Though spammers aren’t scraping any new friend information off Facebook accounts, they are apparently using previously obtained data to send spam. That means the messages could come until e-mail providers are able to find the source of the spam and shut the spammers down.

Here’s the Facebook statement:

Recently, we discovered a single isolated campaign that was using compromised e-mail accounts to gain information scraped from Friend Lists due to a temporary misconfiguration on our site. We have since enhanced our scraping protections to protect against this and other similar attacks and will continue to investigate this case further. To be clear, there was neither a mass compromise of Facebook accounts nor any leak of private information.

To help protect our users, we’ve built enforcement mechanisms to quickly shut down malicious Pages, accounts, and applications that attempt to spread spam by deceiving users or by exploiting several well-known browser vulnerabilities. We have also enrolled those impacted by spam through checkpoints so they can remediate their accounts and learn how to better protect themselves while on Facebook.

Beyond these protections, we’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people. In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that seeks to identify those responsible for spam and works with our legal team to ensure appropriate consequences follow.

I hope the spam stops soon because not everyone will notice that the e-mail didn’t come from a friend, and some people might actually click the link that is in the body of the message.

Direct Link: http://news.cnet.com/8301-1009_3-57507648-83/spam-from-friends-is-actually-result-of-facebook-hole/

Researchers: Seven Annoying Attacks That Facebook Misses & Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say

Articles of Interest, Crimes & Criminal Activity (Organized Crime, Narcotics, Predators, Cyber Crime, Cyber Stalking, UnSolved), Social Media, Technology & Digital Security No Responses »

Nov 232011

Researchers: Seven Annoying Attacks That Facebook Misses
Social networking giant might have fixed its porn problem, but it has plenty of other issues to reckon with, experts say
Dark Reading
By Tim Wilson
Nov 18, 2011

Facebook has largely erased the rash of porn and violent images that affected the site earlier this week, but its problems are far from over, researchers said yesterday.
In a blog about Facebook’s security vulnerabilities posted Thursday, researchers at security vendor Barracuda Networks said Facebook still has little incentive to improve its site security.

“When you are trying to grow a social network as well as increase advertising revenue, security becomes not only a lower priority but sometimes a conflict of interest,” the blog states.

Facebook continues to miss some key security issues on its pages, Barracuda says, and it outlined seven:

1. Fake Product Pages. “Knock-off luxury goods have always been popular scams,” the blog notes. “If you actually get the product, which is a bit of a longshot, you are likely to find that the quality you expected from the brand is lacking at best. Facebook is rife with pages promoting these goods.”

2. Manipulated Accounts Recommendations. “On social networks, those with less good motives have figured out how to game the recommendation system and use it to their advantage,” the blog says. “This is very similar to how attackers have used search engine optimization to promote their malware. Friends are recommended in a variety of ways, but a simply exploited example is through shared apps. Spammer accounts sign up for the same popular apps that real users do and before too long they are showing up in your list of recommended friends.”

3. Affiliate Spam. “Affiliate spam is a bigger and bigger part of the typical users incoming stream,” Barracuda states. “They encourage or require the user to share it out to all their friends and say something like ‘I love Olive Garden’ before being redirected to a never-ending series of offers.”

4. Photo Tagging For Spam. “Photo tagging for spamming is one of the most popular methods of spamming through the network, but it doesn’t seem to be getting much attention,” the blog says. “With each image uploaded, a spammer can tag as many 50 other accounts in a photo, and have as many as 200 photos in an album. With everyone in Facebook having a maximum of 5,000 friends, each photo can reach a quarter million people.”

5. Fake Apps. “Fake apps, malicious apps, misleading apps, whatever you want to call them, Facebook is overflowing with them,” the blog observes. “Usually these apps are in the information gathering and spamming business, but we have found examples that link to malicious binaries.”

6. Stolen Pictures.”There is not really a set of sextuplets, each with the same bikini picture as their personal profile picture,” Barracuda quips. “Those are fake accounts. Certainly there are some images that will be common to multiple people, such as a team logo or newly released album cover. However, the fake accounts typically use images of a salacious nature.”

7. Anomalous Behavior. “Finally, Facebook and social networks in general should focus on some form of anomaly detection,” the blog advises. “We’ve all seen examples of that friend who you never really talk to, and probably weren’t that interested in ‘friending’ anyway, posting on your wall or messaging your account encouraging you get a free iPad or a trip on Southwest airlines. Similar problems have been appropriately mitigated elsewhere in messaging but social networks have a long way to go.”

Direct Link: http://www.darkreading.com/security/attacks-breaches/231903423/researchers-seven-annoying-attacks-that-facebook-misses.html?itc=edit_stub