Facebook Spam On The Rise?

posted on 26th Aug 2010

I’m not sure if it was this article yesterday that drew my attention to the rise Facebook spam, or maybe it was a product page that contained 23 spam messages in the top 25 posts on its wall. Landing on a wall of spam isn’t an attractive sight for any visitor. Now this was an extreme case, the page was an unofficial page set up in tribute to a product no longer manufactured. It still had 120,000 fans nonetheless. But the admin of the page hadn’t posted since March so all the spam messages have gone unchecked. While at extreme end of the spectrum, it does highlight the growth of Facebook spam in recent months.

Spam on Social Networks

One of the advantages to social networks, ahead of say e-mail, was the ability to control who messaged you. On e-mail anybody could send you unsolicited junk, while social networks required permission for people or brands to join your network. That’s how Facebook practically eliminated spam. That’s not to say every social network was spam free. Myspace had a huge spam problem. You could buy a programme that would add friends and spam them with information for a gig, product or service. However, now Facebook has 500 million members it’s becoming increasingly attractive for spammers to target users of the network.

Types of Spam

The types of spam doing the rounds on Facebook usually involve and strangely worded message trying to encourage you to click ‘like’ or click on a shorted link from a service like bit.ly. The messages will always involve something be it a celebrity or a brand such as the recent McDonalds Happy Meal Horror, or the ‘I Won an iPad you can too’ kind of message.

The FSecure.com blog, has an interesting post on the stats involved in these scams. One scam, the Happy Meal post received 32,000 hits and had a conversion rate of 40%, incredibly high when compared to email spam. Thankfully the article does highlight that these scams have a short enough shelf life as users begin to spot these posts and know to ignore them. But it’s all adding to the noise. E-mail can be filtered much easier, but spam can come from people you know, meaning the user has to process the messages first to realise it’s spam.

It’s also becoming more malicious, as this post points out, spam is infiltrating messages and chat. It is possible to message someone not in your own network, on their profile just click on ‘send xyz a message’ under their profile picture. When you receive a private message you also receive an email notification. The spammers are using this to send an email pretending to be a private message from Facebook, when in fact its from a third party and trying to gain access to your Facebook account.

Facebook’s Response

Facebook know this is an important issue. Just last week they joined the board of an international coalition dedicated to curbing spam and online abuse. For now Facebook’s own blog gives some insight as to how they deal with spam;

“For example, we’ve learned that if someone sends the same message to 50 people not on his or her friend list in the span of an hour, it’s usually spam. Similarly, if 75 percent of the friend requests a person sends are ignored, it’s very likely that that person is annoying others he or she doesn’t actually know”

There is an automated system for dealing with compromised accounts and they may be disabled if links to malicious content is posted. In the case of content that has been identified as spam and blocked, the poster will be provided with an explanation of why its blocked and what to do if Facebook are wrong and the content is ok. But this is being gotten around by URL shortening services such as bit.ly. This can lead to a temporary block of a specific shortener, as was the case with Owl.ly links posted earlier this month.

In the case of malicious emails that look like private messages from Facebook, that contain what looks like a link to the network, there are some things to look out for:

1. You don’t recognize the name of the person purportedly sending the private message

2. The email “to” field does not contain my email address.

3. The message field is empty –  this is probably deliberate to prompt people to click on the link and visit the site to read it

4. If you actually check your Facebook account in a new tab or window (without clicking the link in the email) the messages do not appear in the Facebook system, only in email.

Advice for Facebook Page Admins

There’s two types of spam here. First, one for users to deal with by being more vigilant about what links they click on Facebook. Facebook’s guidelines and the tips above deal with that issue. The second I highlighted at the start – when pages become overrun with spam comments. The easiest way around this is to monitor pages more frequently, deleting spam comments. Spam messages are usually easy to identify, they always have a ‘hook’ to try and tempt readers to click a link. However, you also have to be careful so not to delete a genuine message from a loyal fan who wants to promote something of relevance. A way around this is to establish a set of guidelines posted on the page can highlight to new members what is and is not acceptable.

The Future

Pages with low to no moderation are most at risk, and with the high click through rate described above, I don’t see an end to Facebook spam. How is this going to affect the long term use of Facebook? Will pages like the one I described, overrun with spam comments, become like ‘online wastelands’ not inhabited by anybody. This could get worse if not adequately dealt with by Facebook. There’s new community pages for almost every product, brand, place or service on Facebook, and in the USA for the launch of Places Facebook added 14 million businesses in the USA to their network for Facebook Places, without notifying the business owners. There is a danger that large chunks of the Facebook ecosystem could become so overrun with irrelevant messages that it eventually starts putting people off using the service. It’s one thing having a spam filter on e-mail that is someway moderately successful, but can one be applied successfully to Facebook?