'Likejacking': Spammers
Hit Social Media
By Olga Kharif on May 24,
2012
Michelle Espinoza thought
a single photo was going to ruin her business. It was an image of one of the
pearl cuff bracelets she designs that showed up on Pinterest, a site where
users create virtual bulletin boards, grouping images in categories—whether it
be chocolate desserts or bohemian jewelry. For 10 days in April, anybody who
clicked on the photo ended up watching pornography or unwittingly downloading a
virus. “I can’t gauge how many customers I lost,” says Espinoza, a resident of
Santa Rosa Beach, Fla. “But I did have people messaging me asking, ‘Are you
linked to spam?’ I was just distraught.”
When Pinterest debuted two
years ago, e-mail was the format of choice for spam peddling diets, sexual
enhancement, and get-rich scams. Better filters have since banished many of the
unwanted missives from in-boxes. Instead, scammers are turning to social media
sites that are often poorly equipped to deal with the influx. “Social spam can
be a lot more effective than e-mail spam,” says Mark Risher, chief executive
officer of Impermium, which sells anti-spam software. “The bad guys are taking
to this with great abandon.”
Spammers create as many as
40 percent of the accounts on social-media sites, according to Risher. About 8
percent of messages sent via social pages are spam, approximately twice the
volume of six months ago, he says. Spammers use the sharing features on social
sites to spread their messages. Click on a spammer’s link on Facebook (FB), and
it may ask you to “like” or “share” a page, or to allow an app to gain access
to your profile.
Facebook and Twitter have
hired programmers and security specialists to deflect the flotsam. “Tens of
millions of dollars are spent on our site-integrity systems, including hundreds
of full-time employees,” says Facebook spokesman Frederic Wolens.
In January, Facebook sued
advertising network Adscend Media, accusing it of sending unsolicited messages
to Facebook users. A typical lure cited in the suit: “You will be SHOCKED when
you see this video. Simply “Like” this page to see the video.” By clicking on a
link, some users may unwittingly “like” the spam, a practice security experts
call “likejacking.” At least 280,214 users were tricked into interacting with
spam. About 80 percent of Adscend’s monthly revenue of $1.2 million comes from
Facebook scams, according to the suit. Adscend denied the allegations and
settled the case this month for $100,000. The company did not respond to
e-mailed requests for comment.
Twitter last month sued
spam software makers Skootle and JL4 Web Solutions, plus five individuals,
claiming that they were responsible for spam that resulted in some users
canceling accounts. Twitter, in the suit, said it spent more than $700,000 to
combat spam attacks by the defendants. Skootle has denied wrongdoing. JL4 has
yet to respond to the complaint.
Pinterest encourages users
to form a virtual neighborhood watch and report spam before it spreads. Last
month the site put up a blog post urging visitors to use its “Report Pin”
button to tag spam.
On Pinterest, spam often
lurks in the embedded links attached to photos, making it tricky for users to
spot. Espinoza, the jewelry maker, said she contacted the company at least 10
times in as many days before the fraudulent links tied to images of her bracelets
were banished. Pinterest declined to make executives available for an
interview. “Our engineers are actively working to manage issues as they arise
and are revisiting the nature of public feeds on the site to make it harder for
fake or harmful content to get into them,” said a spokesperson in an e-mailed
statement.
The bottom line: Largely
exiled from e-mail, spammers are invading Facebook, Twitter, Pinterest, and
other social networks.
Kharif is a reporter for
Bloomberg News and Bloomberg Businessweek in Portland, Ore.
Comments
Post a Comment