Facebook Like-Jacking and Need for Digital Literacy

Interesting:

Criminals Used Affiliate Marketing Sites in Majority of Facebook Scams in 2011: The vast majority, or nearly 74 percent, of Facebook attacks in 2011 were designed to lead users to fraudulent marketing affiliate and survey sites, the report found.

Affiliate marketing was a “rich source” of income for scammers, according to Amir Lev, CTO of Commtouch.

First, it’s interesting to me that the writer focuses so much on how easy it is for scammers and “criminals” (a conviction is needed to be a criminal… just saying) to use the medium of what he broadly labels as affiliate marketing. The piece focuses more on the survey-type deals that were so popular with the “free iPod” craze of 2003-4 in the pre-CANSPAM era.

It’s pretty easy for the legitimate businesses he sources as being defrauded to check their logs, and any affiliate manager or OPM worth their salt will catch this kind of scam traffic, especially if they are dealing with the lead-based side of things in the CPA and lead-gen areas.

The real heart of the piece should be about the need for better digital literacy among users of spaces like Facebook (especially if they are browsing on a Windows machine with IE6 or 7).

Cue Wayne Porter

“For criminals, it was not enough to just trick users, as criminals need to make sure the attacks spread and continue to trap other people, Commtouch said. They were most likely to trick users into sharing the links almost half the time, but also tricked users into copy-pasting malicious code to trigger a cross-site scripting attack or downloading malware. Rogue applications and “like-jacking”—which employs a malicious script on the page to convert any mouse clicks on the page as a “like” that is also visible to other users—were employed in about a third of the scams.

“In 48 percent of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on ‘like’ or ‘share’ buttons,” according to Commtouch.”

It’s fascinating to me that many of the conversations Wayne and I were having back in 2008 about a future of social-engineered badware that would find virality through good-willed sharing are coming true in 2011 and even more so into 2012.

At the root of the issue isn’t affiliate marketing or how easy it is to scam businesses. Businesses have failsafes and checks in place to catch these things (ideally). Instead, we need to have more savvy users who realize the implications of sharing or liking a suspect link or article or site.

This sort of manipulation of otherwise trusting, naive or uninformed users of the web will only intensify as more people go on the web with mobiles and tablets in the coming five years.
