Spam definitely doesn’t pay in the long run. Adam Guerbuez and Atlantis Blue Capital learned that when Judge Jeremy Fogel awarded Facebook $873 million in damages for them sending “sleazy messages” to their users. According to Facebook, this is the “largest judgment in history for action brought under the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM)”. You can read more about the act here.

Unfortunately Facebook doesn’t expect that they will ever receive the $873 million awarded to them as spammers typically don’t pay and traditionally operate from abroad. I wrote about the Facebook suit back in August and it looks like the case has finally been closed. I’m guessing that the defendants never appeared in court as they most likely would have been arrested on arrival. A copy of the judgement has been embedded below.
Read the rest of this entry »

I’ve written numerous times about the proliferation of spam on Facebook and it’s becoming increasingly prevalent. This morning the Sydney Morning Herald reported about one individual who’s friend had their account hacked and was being used by spammers to try to get money by claiming he had been stranded in Nigeria. If you’ve been using the internet for the past couple years then you know that Nigeria is a keyword which means “spam” nine times out of ten.

Sydneysider Karina Wells also was able to determine that the individual she was talking to was not her friend but was instead a scammer, but many people are not so fortunate. I have friends who have accidentally clicked on links in Facebook that install malware, and others have had their accounts “hacked”. The most popular model used by scammers appears to be a simple phishing technique.

Users are lured to an external site which looks like a Facebook login page and asked to enter their login information. Many users have actually entered it and then in short time, have had their accounts leveraged by hackers to spam their friends, or in the case of the Nigerian scammers, try to lure friends into sending money. Facebook is completely aware of the problem at hand.

Jesse Stay, reported earlier this weekend, that Facebook had added a Captcha, to user’s walls. Captcha displays an image and requires the user to type that image into the box. It avoids automated spammers. I have yet to see this on Facebook except for those users that haven’t verified their telephone number. Forcing users to go through a Captcha process every time would become quite a hassle.

Whatever the company comes up with, it will need to come up with one soon as the spam could easily begin to drive away users if it becomes more widespread. The simple way to avoid being “hacked” is by not entering your email and password on other sites. Sometimes, people are clumsy though, so Facebook will need to have the final say in the battle against spammers.

Facebook has been viciously attacking spam but the battle is proving to be a hard one. The most recent strategy by spammers is logging into other individuals accounts and sending instant messages to everybody on an individual’s buddy list. Just this weekend I received a few spam instant messages from users that I rarely talk to.

Spam will continue to be one of Facebook’s most important priorities as they move forward. Spam was ultimately one of the factors which drove many individuals from MySpace. I know that spam was one of the reasons I left the site. False friend requests plagued the site to the point where people’s requests page was getting flooded with false friend requests.

Then again the requests from applications when the Facebook platform first launched last year were almost as annoying for many users. Fortunately for Facebook it doesn’t appear that the site has suffered a massive outflux of users. Instead since the platform launched, the site has practically tripled in size. The last thing Facebook needs is a surge in spam though and it’s clear that spammers are taking advantage of all opportunities to get to users.

That’s why Facebook filed a lawsuit against at least one spammer back in August. Facebook is using all tactics available to combat the unrelenting spammers attacking the site. While Facebook has been relatively good at combating spam, it’s not rare for me to see a spam wall posting on my friends’ profiles. This will continue to be an issue for the company as they continue to expand.

Hey you! Don’t let me catch you adding too many friends or messaging too many users or you’ll wind up getting blocked! You may have seen it yourself, a warning dialog box which pops up and alerts you that your activity is of a rate similar to someone that is abusing the system (a spammer). Every day I receive emails from people that have been banned and they can’t get access to the site and receive no response from Facebook.

How Does Facebook Know You’re a Spammer?

Facebook uses a proprietary algorithm for determining unusual usage. The system automatically disables accounts whereas the reinstatement process is manual. Facebook states that “the speed at which you are acting and the sheer number of actions you have made are both taken into account.” After a little bit of analysis it’s pretty easy to determine what methods are used for determining spam.

Here’s the factors that we’ve determined Facebook uses to block users:

• Number of friends - Do you have 20 friends or 1,000 friends? This is important because the more friends you have on Facebook, the more active you probably are on the site. As such, don’t think you’ll be able to blast out messages or wall posts to 300 people when you are friends with 50.
• Content Similarity - If you are browsing through the site and writing the exact same wall post on everybody’s wall, there’s a good chance that Facebook considers this spam activity. Get creative and switch up the content you are creating. Otherwise let’s be honest, you are acting like a spammer … right?
• Average Message Usage - How active is your Facebook inbox? If you receive 40 messages a day, you shouldn’t be punished for replying to them. [We assume that] Facebook calculates an average message usage for each user. If you fall outside a certain statistical deviation from your normal usage, you will be warned and possibly banned.
• Time - A sudden surge in usage will set off Facebook’s alarms. If you haven’t sent a message in days but suddenly send out 50, you will look like a spammer.
• Facebook Activity Factor - All of these factors (and others that we don’t know of) are used to generate an overall Facebook activity factor for each user. When your overall activity falls outside the statistical norm for you, you will receive a warning. If your usage doesn’t drop to fall within your normal usage levels within a specific time frame, you will be banned.

How to Avoid Being Blocked by Facebook

So now that you know what will get you blocked by Facebook you should pretty much know how to avoid being blocked. Don’t send too many messages, don’t post too many wall posts, don’t go adding friends at a ridiculous rate. Is this model fair? Well that’s really open to philosophical debate but Facebook has to battle spam and the easiest way to play nicely is to stay under the spam radar.

Facebook’s Internal Spam Conflict

As Kim Hart wrote in the Washington Post today, Facebook has an internal spam conflict. Facebook wants to ensure that users don’t get attacked by actual spammers. In the past year the volume of spam on social networks has increased. Both Facebook and MySpace have turned to lawsuits to try to end some of the largest spamming attacks. While Facebook wants to protect users’ right to communicate, they also want to ensure that spam doesn’t drive users away from the site.

Facebook has leveraged a model in which automated algorithms try to determine which users are spammers and ban them from the system. Unfortunately this model hasn’t completely worked as some spammers have found security holed and has leveraged those to spam users from accounts not owned by the spammer.

The bottom line is that Facebook continues their battle against spam. Just as luxury goods stores battle thieves, social networks must continuously allocate resources to battle spam. It has simply become part of the overhead in the social network business.

Facebook has been aggressive at fighting spam on their site since early on. The first step was to limit group messaging (which reportedly won’t be restricted for much longer) followed by automated restrictions on users that were sending too many messages. Well now it appears that some spammers are getting aggressive and posting on walls across the site. A developer of a top 40 application sent me an email this morning describing his daily battle with removing spam from the wall and forum for his application.

Later in the day I was browsing through Facebook and came across the a post within the “No, I will NOT invite 20 friends just to add your application!” group which had a profile picture of a nude woman and a link to a pornography site. Typical spam. I have to give credit though, after a few refreshes of the page the spam had been removed. Still, as the site grows in popularity, Facebook is facing an increasing struggle against a large army of spammers that are constantly trolling the site.

If you check out any large application or the wall of any network within Facebook, chances are you are going to see a ton of spam. Many users of MySpace were turned off after they received one friend request after another from fake users. While the misleading tactics had debatable results for the spammers, it had strong consequences for MySpace who saw an exodus of many of its users over to competing social networks. Do you think Facebook will be able to tackle the spam problem?

One of my readers just brought to my attention a new phishing scam taking place on Facebook. Apparently some users are posting wall posts that are definitely spammy. Here is one example post:

lol i cant believe these pics got posted….its going to be BADDDD when her boyfriend sees these-
http://www.facebook.com.profile.php.id.371233.cn

If you go to the link provided it displays a fake Facebook login screen that looks almost identical to the regular login page. Luckily I didn’t fall victim to this and received a comforting alert from Firefox that notified me that the page was web forgery (as picture to the left). If you received any message similar to this you should definitely report the activity to Facebook so that they can take the proper actions to prevent other users becoming a victim.

If you see a URL that attempts to duplicate Facebook you should realize that it doesn’t end with “facebook.com.” I’m sure there are already people that have fallen for the trick. Additionally, these scammers have made the login well. Once you enter an email and password it automatically redirects you to the Facebook page and will actually log you in if you enter a real email and password. Either way, don’t become a victim! You shouldn’t enter your email and password at any other URL other than facebook.com/login.php.