
Facebook 'tag spam' targets indiscriminate friend collectors

By | January 27, 2011, 8:57am PST

Looks like spammers are taking advantage of one of social networking’s weakest links: narcissism.

Narcissism fuels “friend collecting,” which is the practice of either aggressively pursuing connections with friends of friends one barely knows, or indiscriminately accepting friend requests from unknown people. Oftentimes, the latter users check mutual friends prior to admitting a requester into their Facebook lives. This is a terrible attempted safety measure because the mutual friends might have already been duped into the add. Now, friend collectors are being taken to task by spammers who take advantage of their social networking naïveté.

With help from Tom Eston, senior security consultant from SecureState, I dug into these scams.

Here’s how it works:

  1. Spammer creates a fake account.
  2. Spammer friends popular people on Facebook. The most popular users tend to have more than 2,500 “friends” and are less discriminating with their friend adds.
  3. Spammer tags the people who have accepted the friend request in the fake account’s profile picture.
  4. Friends of the person tagged see this picture in their news feeds, which in the case of the below example, might persuade a click-through since the fake profile photo is usually that of a cute girl (clearly, a “super uber bored” one).

The blurred-out link actually goes to a malicious site, which could be intended to do anything from phishing credentials to proliferating malware. As you can see by the below example, the fake profile owner tags multiple people in the picture at once in order to try to get as many unsuspecting clickers as possible.

The best way to avoid being victimized by these types of spammers, of course, is not adding people unless you absolutely, unequivocally know who they are. Also, there are privacy settings that allow users to better lock down visibility of the photos in which they are tagged. This is possible through Facebook privacy settings by setting “Photos and Videos I’m Tagged In” to “Only Me”. This option is a bit buried within the customized privacy settings, but the below screenshot shows the option.

Again, the best way to avoid being a victim of this scam is to avoid adding people you haven’t thoroughly vetted. If you must friend collect, the above privacy option should help keep you and your friends safe. However, if you do friend collect, chances are you’re friends with a lot of other friend collectors who could fall prey to this issue, too.


Jennifer Leggio, aka "Mediaphyter," writes about the "social business" side of social media - including enterprise, security and reputation issues.

Disclosure

Jennifer Leggio

Jennifer is employed full-time with Fortinet, a leading network security appliance vendor. She is also actively involved in the network security community and works with the Security Bloggers Network. She co-manages the annual Security Bloggers Meet-UP at RSA Conference.

Jennifer is also involved with Silicon Valley Tweet-Up, a philanthropic networking event that brings people together to raise money for local family-oriented charities.

The blog posts here are solely her opinion and do not represent her employer or any other organization with which she may be affiliated.

Biography

Jennifer Leggio

Jennifer Leggio (@mediaphyter) has been a communications professional for more than 15 years, focusing primarily on enterprise technology and security. She is currently the director of strategic communications for a leading network security vendor. Jennifer is also passionate about all things social media, especially enterprise, security, privacy and reputation issues, which is why she writes about these things for ZDNet.

A well-connected communicator, Jennifer has led or supported interactive social networking efforts for security industry conferences including RSA Conference, Black Hat USA and SOURCE Conference, and founded the Security Twits, a community for network security professionals. She also helps run communications for the Security Bloggers Network.

Finally, Jennifer co-hosts the Quick'n'Dirty social media podcast with Aaron Strout, is a founding member of Technically Women, a communal blog project, and manages marketing and public relations for Silicon Valley Tweet-Up, a networking group that raises money for family-oriented charities. Jennifer was profiled in Silicon Valley San Jose Business Journal's "40 Under 40" edition, as a rising star for 2009.

20 Comments

"the best way to avoid being a victim of this scam is to avoid adding people you haven’t thoroughly vetted" -> Excellent advice.
Thank you! Finally there is an article/blog that I can share with my friends that backs up what I have been saying for quite some time.

I have been seeing these tagging scams for months now. It is especially popular within the gaming/application communities on FB. Scammers have even gotten wise to play the games here and there that they are supposedly adding people for and all the while tagging their 'friends' in advertising pictures. These pictures range from advertising something for within the game, to adding more friends, to shoes and other wares. All these pictures have links associated with them to web pages outside of FB, many to the same page url regardless if the picture is for the games or for other wares.

Of course I do not know or can substantiate if these profiles were created solely for this purpose or were 'taken over' by the scammers, but, I can say that many of these tag scamming profiles also create fake applications on FB to further dupe people into giving over their information. I have personally reported every tag scam I see in my feed as spam to FB, gone to the tagging 'persons' profile and reported that profile as well. I also report every scam application that I see in my feed, and that is when I started seeing the very same tagging scammers as the scam application developers.

It is a very complicated and well spread web of scam, spam and rogue applications. I can only wish that FB would start a more in-depth investigation when such things are reported to them and do it sooner than what they appear to be doing at this point in time. The turtle's pace at which these scams are removed from FB makes not only me but the others who are dedicated to reporting and trying to rid FB of these scams with what little means we have been given feel as though we are doing all for naught.
@Rebecca Read Gullible noob is gullible. FB gaming community? LOL

But seriously, FB IS SPAM. All of it.
@Tommy S.
Yes FB gaming community. Regardless of how laughable that may be to some, it is still a very active part of FB. Zynga game applications have attracted some of the most scams out there. Yes people are gullible, but that does not mean that they are noobs, just overly trusting of their 'friends'.

This 'gaming community' within the social network is extremely vulnerable. There are add-me groups and pages where well intentioned people go to try to add more friends to assist them within these social games. Unfortunately mixed among these well intentioned people are others with more nefarious things in mind.

Keep in mind too that not only is it fake profiles that are tagging people in pictures, it is rogue applications as well. Many of which promise free Reward Points, more friends, items etc. When allowing these, what I would term malicious or scam applications, access to your profile the applications gain access to yours and your friends (depending on how privacy settings are set) information. Just today alone I have been tagged in two photos. Both belonging to rogue applications. The owners of the profile had no idea that this was occurring. The settings allowed to these applications let them (the rogue applications) put photos on the profiles, then to start tagging people in them. Not only that but they also can and will auto post to the profile's wall, often spamming the feeds with scams.

I don't just blame the developers of the apps, or the owners of the profiles, or even the scammers who create them. I also put a good portion of the blame on FB itself. I know I as well as many others report these profiles, posts, and applications to FB, but their response times and even reporting features are either non-existent, turtle's pace, or out-dated.

People can be warned about the hazards and types of scams that are on FB, but that does not stop more scams from popping up each day, that use every FB feature that there is. There really must be a harder crack down on it. FB users can only do so much.

For the matter of FB being spam...well...that's your opinion which you are entitled to. Regardless of your feelings about FB it is here to stay for the foreseeable future. I see absolutely nothing wrong with the users of FB wanting to help fight scams, and still have an enjoyable online experience.
@Tommy S. Yep when you have zero friends, it certainly is. And it sounds like that is just the case with you! Have a spam free life!
This reminds me of the Windows-Mac controversy
bmeacham98@... 27th Jan 2011
* You have to jump through all kinds of hoops to make yourself safe. (Windows, Facebook)

* You're just safe, with no hassle. (Mac, boycott Facebook)
FUD
Cylon Centurion 27th Jan 2011
@bmeacham98@...

Macs can't keep you safe when the people that fall for this crap have so many bad habits. It's those habits that allow this crap to continue.
@bmeacham98@...

Hmmm. I use Windows, I use Facebook, I don't jump through hoops and I don't have any problems. I just use common sense.
@tr7oy Common sense isn't all that common. Ask any spammer :)
@bmeacham98@...

God I hate when ppl use this lame excuse of a 'controversy'.. Mac OS is, as it has always been, just as 'safe' as Windows.
It's only due to Windows wide(r) worldwide usage that people like you tend to believe in such a lie.
On the other hand, the fact that Facebook is, just as any other popular service, so interesting to spammers shouldn't be confused with people's lack of knowledge (or interest) in security. Folks that have medium to little knowledge and/or interest in computers, and even more, those coming from non-English-speaking countries (like mine), either don't care, don't understand, or don't want to bother with anything other than their point of interest. In this case, Facebook is regarded as a service for sharing and keeping in touch with people you want to, and the above mentioned 'class' of people, so to speak, use it and want to use it, for exactly that. My point is, Facebook is, from the moment it stepped outside the boundaries of a few universities, and as it became more and more popular, doomed to be 'Mecca' for both 'common' people, and everyone else that wants to either sell or steal, to be found or to hide from, etc. As long as there are people interested in something, there will be other people interested in their interests, for the sake of their own. Or as it is written in the book The Wealth of Nations: '.. By pursuing his own interest he frequently promotes that of the society more effectually than when he really intends to promote it..' [http://en.wikipedia.org/wiki/The_Wealth_of_Nations]
@bmeacham98@... wrong. Actually, if you go to a bogus website and enter your personal info, you're still screwed, even if it was done from a mac. And macs don't stop the spread of facebook spam. Facebook spam is directly created by the abuse of facebook and the use of poor judgement when networking through facebook. It is all done outside "mac land," and your facebook can be hacked just as quickly if you're a mac user. Furthermore, even though macs are not directly affected by malware, they can be carriers of malware and hence, depending on how you network, your mac could spread it to other people in your network without you realizing it.

Boycott facebook? Facebook didn't create the spam. Spam, by definition, is the abuse by a third party of something that is commonly used by us the users. If I get spam in my email, do I need to start a boycott of all email and get a mac? No. That doesn't make any sense. Spam happens when you're a dumbass and give out your email to a website that shouldn't be trusted and you can get spam in your email using a mac just as easily as any computer. Same thing with facebook.

So the answer isn't "going mac" or boycotting facebook, it is rather to stop surfing and friending like a dumbass.

So sure, you're safe. No hassle. But if a mac user is the dumbass, they're making everyone else's lives miserable.
Facebook *IS* spam, period.
Who adds people they don't know?
@bradavon I've done it before, when I was much younger and stupid about what I did online. And even if you don't, your kids might.
Facebook CEO sees your privacy as a speed bump, but a soft one. They create minor to major fiascoes every time they "Upgrade" Facebook just to see who is paying attention. It's cute, guess it works for some people. Don't think it's all that important to have a digital social network if you have a real one.
I had no idea.....
jor55 28th Jan 2011
I don't access Facebook that often. The other day I got a 'so and so wants to be your friend.....' I thought, "Who the heck is ......?" I ignored it a day or so then went to the link hoping to be reminded of who this person was, and found we had mutual friends. So I 'friended' her. Then today I read your piece. Albeit feeling somewhat stupid, I am very thankful for your great 'heads up' article.
Another "toy". If FB were considered a real asset, it would have a more intelligent crowd.
It's like any growing community, it usually starts out with law-abiding, well-meaning folks and as it grows, it attracts the seedier people, con-men, criminals, etc. The difference is, it's up to each one of us to band together and work towards forcing the criminal element out of the community. As long as there is data to steal, or money to be made on the unsuspecting within the community, there will be spammers. There is a special place for them in Hades, with elevator music and 24 hour info-mercials on every channel...