Why Facebook Spam Could Soon Rival Email Spam

Spam is more effective via Facebook than email – but people are catching on fast. That’s the conclusion from anti-virus firm F-Secure, quoted in this story in Information Week.

Sean Sullivan, a security adviser at F-Secure, studied two recent spam campaigns that purported to be about a McDonald’s “Happy Meal Horror” and used bit.ly short links. Sullivan found a statistics dashboard tied to the attack and discovered that the spam campaign had netted a combined 32,000 clicks and 15,000 “likes” on Facebook. One link had a conversion rate of clicks to likes of 40% and the other 48%. His blog post on F-Secure lays out all the details and makes for quite interesting reading.

In terms of spam, “40% is an excellent conversion rate, much better than e-mail spam,” said Sullivan. “However, the 32,000 clicks is far less than similar spam from just two months ago when we saw several examples of viral links that yielded hundreds of thousands of clicks.” The links pointed to a cost-per-action survey but few people actually filled this out.

Sullivan said the good news was that people seemed to be growing wary of Facebook spam, but the bad news was that the attacks would likely continue, because it didn’t take many people filling out surveys or signing up for bogus SMS subscriptions to make the campaigns worthwhile for the spammers.

A number of Facebook users have had their accounts compromised, allowing spam to spread on Facebook through status updates, chats and private messages. Generic email spammers have also been masking their emails as Facebook messages to encourage higher click-through rates, in a variation of a phishing scam.

Facebook is taking all this very seriously and is aggressively filtering many pages. The social networking site has also joined the board of directors of the industry-wide Messaging Anti-Abuse Working Group.

I’m not hopeful for a solution. In two decades of the World Wide Web, we’ve yet to eliminate email spam. The best we’ve managed to do is develop robust spam filters and train people to recognize spam for what it is. Yet clearly spammers still find it worth their time to send dodgy emails and to go to great lengths with proxy servers and the like to do so.

Like email spam, I imagine that Facebook spam will exist as long as there are people who are fooled long enough to click and spread the message. Hopefully that number will decrease in time as education efforts take effect. And perhaps some sort of technical solution can at least reduce the volume or filter messages for review.


8 Comments »

  1. Before you like and spam all your friends to see some junk please visit http://www.bypassfanpages.com/ thank you.

    Comment by Seth Prescott — August 24, 2010 @ 3:39 pm

  2. The only reason FB spam exists is because they were idiots and opened up to the public instead of staying to verified .edu email account holders, who typically will not get their email account hijacked because they're required to use stringent passwords. That's why I've not bothered with FB and went to other college only sites. Forget FB. They're overrun by incompetence.

    Comment by Guest — August 24, 2010 @ 6:14 pm

  3. th kaneitai

    Comment by Georgia Lella — August 25, 2010 @ 1:06 am

  4. Why is it that any time a negative thing is mentioned, some idiot goes, "Hark! Back in the day of 15,000 total users, facebook was perfect!"??

    If facebook actually had any userbase caring about when the "holy .edu" thing was still in place, it'd have been simplistic for spammers to spoof fake .edu domains, or swipe accounts.

    It's very sad to know someone has disliked the service for years now, and yet, continues to use it, and, further, has added no one in that time, yet, still feels threatened by all of the people they do not add. If that isn't the case, well, 99.9% of the people on facebook have joined since the .edu thing ceased to matter, so it's rather unlikely anyone they've added since then does, in fact, use a .edu account.

    In earnest, using .edu accounts for facebook is really an abuse of the associated (if any!) university's services and resources.

    Comment by mmm — August 26, 2010 @ 6:22 am

  5. I have a question: has anyone found a solution to the problem of not being able to log in to FB unless you enter a mobile number? I've been roadblocked for 3 days now. Have gotten no response from FB, which from what I read on here isn't a surprise. I have tried to access by changing password, did not work.

    Comment by Marie — September 9, 2010 @ 3:31 pm

  6. [...] Spam has been a growing problem at Facebook. While suing three spammers might seem like a token effort, big judgments like the ones Facebook has secured in the past can be significant deterrents. It’s also coupled with technical fixes such as aggressive filtering and co-operative efforts on an industry level. Spam is not an easy problem to fix but there’s no doubt Facebook is taking it seriously. [...]

    Pingback by Facebook sues spammers — October 20, 2010 @ 3:22 pm

  7. [...] updates and wall posts, like the one called “Justin Bieber got erection in public.” Clicking on it spreads the spam and malware. This malware masquerades as a legitimate application. Click on the link and you are asked for [...]

    Pingback by Warning: ‘Justin Bieber Gets Boner’ Is Latest Facebook Malware — November 22, 2010 @ 12:16 pm

  8. You may publish your Email publicly (in chats, forums, twitter, facebook, etc.) protecting it from web scraping/harvesting by spam bots at http://hidemail For ex., my@abc.COM can be given as http://hidemail.at/pt0oxw86

    Comment by @KeyCAPTCHA — January 26, 2011 @ 8:50 am
