Tuesday, November 10, 2009

The confession of a Facebook scam maker

Everyone is social networking. Privacy is dead. Social media are the information jungle where personal data are rife and threats are real. I always advocate: be open and enjoy the transparent information environment, but be careful out there. It is very important to know the risk. So it is really a surprise when I read an article in Techcrunch written by an ex-Facebook scam maker giving first hand information on the technique he used to trick people. You may read the full article yourself.

Dennis Yu is the CEO of Blitzlocal, a web advertising agency. Before that, he did a lot of work on Facebook advertising which were mainly spams and scams. In June 2007, Facebook opened up their application developer platform so that anyone could build games on top of the social network. Users could share quizzes, race cars, grow vegetables, and so forth, all with a click of a button. Users in one click gave the game permission to access their profile data. By having access to user data, game developers could make their games more interesting.

Facebook had not considered what was possible when the game developer passed on user names, profile pictures, and personal details on to an advertiser. The result was that advertisements thus created looked like they were from Facebook, with the same blue button, white background, and the same font. Also, your profile picture, your name and that of your friends, were put in the advertisement. By early 2008, the platform was generating 400 million impressions a day, as people poked, bit, slapped, kissed, and drop-kicked each other on Facebook.

You may think that all such advertisements are just trying to sell something online, like flowers on Valentine's Day or automobile insurance. However, Dennis Yu did a research and realised that people on Facebook were not interested in shopping. The advertisements were just trying to optimize online traffic. They just tried to trick people into doing the following things. First, click and access a website which could be malicious. Second, download something like a toolbar or interesting things which could also be malicious. Third, give up their email address, or even their phone number.

We are always asked to be careful in opening suspicious links. In Facebook, you should also be careful about familiar links. Because user profiles, photos and lists of friends are commonly available to the advertisers and scam makers, messages from friends should be viewed with caution. These messages may directly address you in the name of your friend with their photo in it, just like the everyday Facebook messages or writings on your wall. Of course this does not simply mean that you should lose trust with everyone. Just be careful if you find your friends suddenly doing something unusual. If in doubt, send them a message to confirm before clicking on something.

No comments:

Post a Comment