Facebook 'tag spam' targets indiscriminate friend collectors

Looks like spammers are taking advantage of one of social networking's weakest links: narcissism.

Narcissism fuels "friend collecting," which is the practice of either aggressively pursuing connections with friends of friends one barely knows, or indiscriminately accepting friend requests from unknown people. Oftentimes, the latter users check mutual friends prior to admitting a requester into their Facebook lives. This is a terrible attempted safety measure because the mutual friends might have already been duped into the add. Now, friend collectors are being taken to task by spammers who take advantage of their social networking naïveté.

With help from Tom Eston, senior security consultant from SecureState, I dug into these scams.

Here's how it works:

  1. Spammer creates a fake account.
  2. Spammer friends popular people on Facebook. The most popular users tend to have more than 2,500 "friends" and are less discriminating with their friend adds.
  3. Spammer tags the people who have accepted the friend request in the fake account's profile picture.
  4. Friends of the tagged person see this picture in their news feeds, which, in the case of the below example, might persuade a click-through since the fake profile photo is usually that of a cute girl (clearly, a "super uber bored" one).

The blurred-out link actually goes to a malicious site, which could be intended to do anything from phishing credentials to proliferating malware. As you can see in the below example, the fake profile owner tags multiple people in the picture at once in order to get as many unsuspecting clickers as possible.

The best way to avoid being victimized by these types of spammers, of course, is not adding people unless you absolutely, unequivocally know who they are. Also, there are privacy settings that allow users to better lock down visibility of the photos in which they are tagged. This is possible through Facebook privacy settings by setting "Photos and Videos I'm Tagged In" to "Only Me". This option is a bit buried within the customized privacy settings, but the below screenshot shows the option.

Again, the best way to avoid being a victim of this scam is to avoid adding people you haven't thoroughly vetted. If you must friend collect, the above privacy option should help keep you and your friends safe. However, if you do friend collect, chances are you're friends with a lot of other friend collectors who could fall prey to this issue, too.

Topics: Social Enterprise, Malware, Security

  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    "the best way to avoid being a victim of this scam is to avoid adding people you haven't thoroughly vetted" -> Excellent advice.
    Rich Harris
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    Thank you! Finally there is an article/blog that I can share with my friends that backs up what I have been saying for quite some time.

    I have been seeing these tagging scams for months now. It is especially popular within the gaming/application communities on FB. Scammers have even gotten wise to play the games here and there that they are supposedly adding people for and all the while tagging their 'friends' in advertising pictures. These pictures range from advertising something for within the game, to adding more friends, to shoes and other wares. All these pictures have links associated with them to web pages outside of FB, many to the same page url regardless if the picture is for the games or for other wares.

    Of course I do not know or can substantiate if these profiles were created solely for this purpose or were 'taken over' by the scammers, but, I can say that many of these tag scamming profiles also create fake applications on FB to further dupe people into giving over their information. I have personally reported every tag scam I see in my feed as spam to FB, gone to the tagging 'persons' profile and reported that profile as well. I also report every scam application that I see in my feed, and that is when I started seeing the very same tagging scammers as the scam application developers.

    It is a very complicated and well spread web of scam, spam and rogue applications. I can only wish that FB would start a more in-depth investigation when such things are reported to them and do it sooner than what they appear to be doing at this point in time. The turtle's pace at which these scams are removed from FB makes not only me but the others who are dedicated to reporting and trying to rid FB of these scams with what little means we have been given feel as though we are doing all for naught.
    Rebecca Read
    • RE: Facebook 'tag spam' targets indiscriminate friend collectors

      @Rebecca Read Gullible noob is gullible. FB gaming community? LOL

      But seriously, FB IS SPAM. All of it.
      Tommy S.
      • RE: Facebook 'tag spam' targets indiscriminate friend collectors

        @Tommy S.
        Yes FB gaming community. Regardless of how laughable that may be to some, it is still a very active part of FB. Zynga game applications have attracted some of the most scams out there. Yes people are gullible, but that does not mean that they are noobs, just overly trusting of their 'friends'.

        This 'gaming community' within the social network is extremely vulnerable. There are add-me groups and pages where well intentioned people go to try to add more friends to assist them within these social games. Unfortunately mixed among these well intentioned people are others with more nefarious things in mind.

        Keep in mind too that not only is it fake profiles that are tagging people in pictures, it is rogue applications as well. Many of which promise free Reward Points, more friends, items etc. When allowing these, what I would term malicious or scam applications, access to your profile the applications gain access to yours and your friends (depending on how privacy settings are set) information. Just today alone I have been tagged in two photos. Both belonging to rogue applications. The owners of the profile had no idea that this was occurring. The settings allowed to these applications let them (the rogue applications) put photos on the profiles, then to start tagging people in them. Not only that but they also can and will auto post to the profile's wall, often spamming the feeds with scams.

        I don't just blame the developers of the apps, or the owners of the profiles, or even the scammers who create them. I also put a good portion of the blame on FB itself. I know I as well as many others report these profiles, posts, and applications to FB, but their response times and even reporting features are either non-existent, turtle's pace, or out-dated.

        People can be warned about the hazards and types of scams that are on FB, but that does not stop more scams from popping up each day, that use every FB feature that there is. There really must be a harder crack down on it. FB users can only do so much.

        For the matter of FB being spam... well... that's your opinion which you are entitled to. Regardless of your feelings about FB it is here to stay for the foreseeable future. I see absolutely nothing wrong with the users of FB wanting to help fight scams, and still have an enjoyable online experience.
        Rebecca Read
      • RE: Facebook 'tag spam' targets indiscriminate friend collectors

        @Tommy S. Yep when you have zero friends, it certainly is. And it sounds like that is just the case with you! Have a spam free life!
  • This reminds me of the Windows-Mac controversy

    * You have to jump through all kinds of hoops to make yourself safe. (Windows, Facebook)

    * You're just safe, with no hassle. (Mac, boycott Facebook)
    • FUD


      Macs can't keep you safe when the people that fall for this crap have so many bad habits. It's those habits that allow this crap to continue.
      The one and only, Cylon Centurion
    • RE: Facebook 'tag spam' targets indiscriminate friend collectors


      Hmmm. I use Windows, I use Facebook, I don't jump through hoops and I don't have any problems. I just use common sense.
      • RE: Facebook 'tag spam' targets indiscriminate friend collectors

        @tr7oy Common sense isn't all that common. Ask any spammer :-)
        Shyam Madhavan Sarada
    • This reminds me of the Windows-Mac controversy?


      God I hate when ppl use this lame excuse of a 'controversy'.. Mac OS is, as it has always been, just as 'safe' as Windows.
      It's only due to Windows' wide(r) worldwide usage that people like you tend to believe in such a lie.
      On the other hand, the fact that Facebook is, just as any other popular service, so interesting to spammers shouldn't be confused with people's lack of knowledge (or interest) in security. Folks that have medium to little knowledge and/or interest in computers, and even more, those coming from non-English-speaking countries (like mine), either don't care, don't understand, or don't want to bother with anything other than their point of interest. In this case, Facebook is regarded as a service for sharing and keeping in touch with people you want to, and the above-mentioned 'class' of people, so to speak, uses it and wants to use it for exactly that. My point is, Facebook is, from the moment it stepped outside the boundaries of a few universities, and as it became more and more popular, doomed to be a 'Mecca' for both 'common' people and everyone else that wants to either sell or steal, to be found or to hide from, etc. As long as there are people interested in something, there will be other people interested in their interests, for the sake of their own. Or as it is written in the book The Wealth of Nations: '... By pursuing his own interest he frequently promotes that of the society more effectually than when he really intends to promote it ...' [http://en.wikipedia.org/wiki/The_Wealth_of_Nations]
    • RE: Facebook 'tag spam' targets indiscriminate friend collectors

      @bmeacham98@... wrong. Actually, if you go to a bogus website and enter your personal info, you're still screwed, even if it was done from a mac. And macs don't stop the spread of facebook spam. Facebook spam is directly created by the abuse of facebook and the use of poor judgement when networking through facebook. It is all done outside "mac land," and your facebook can be hacked just as quickly if you're a mac user. Furthermore, even though macs are not directly affected by malware, they can be carriers of malware and hence, depending on how you network, your mac could spread it to other people in your network without you realizing it.

      Boycott facebook? Facebook didn't create the spam. Spam, by definition, is the abuse by a third party of something that is commonly used by us the users. If I get spam in my email, do I need to start a boycott of all email and get a mac? No. That doesn't make any sense. Spam happens when you're a dumbass and give out your email to a website that shouldn't be trusted and you can get spam in your email using a mac just as easily as any computer. Same thing with facebook.

      So the answer isn't "going mac" or boycotting facebook, it is rather to stop surfing and friending like a dumbass.

      So sure, you're safe. No hassle. But if a mac user is the dumbass, they're making everyone else's lives miserable.
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    Facebook *IS* spam, period.
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    Who adds people they don't know?
    • RE: Facebook 'tag spam' targets indiscriminate friend collectors

      @bradavon I've done it before, when I was much younger and stupid about what I did online. And even if you don't, your kids might.
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    Facebook CEO sees your privacy as a speed bump, but a soft one. They create minor to major fiascoes every time they "Upgrade" Facebook just to see who is paying attention. It's cute, guess it works for some people. Don't think it's all that important to have a digital social network if you have a real one.
  • I had no idea.....

    I don't access Facebook that often. The other day I got a 'so and so wants to be your friend.....' I thought, "Who the heck is ......?" I ignored it a day or so then went to the link hoping to be reminded of who this person was, and found we had mutual friends. So I 'friended' her. Then today I read your piece. Albeit feeling somewhat stupid, I am very thankful for your great 'heads up' article.
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    Another "toy". If FB were considered a real asset, it would have a more intelligent crowd.
  • RE: Facebook 'tag spam' targets indiscriminate friend collectors

    It's like any growing community, it usually starts out with law-abiding, well-meaning folks and as it grows, it attracts the seedier people, con-men, criminals, etc. The difference is, it's up to each one of us to band together and work towards forcing the criminal element out of the community. As long as there is data to steal, or money to be made on the unsuspecting within the community, there will be spammers. There is a special place for them in Hades, with elevator music and 24 hour info-mercials on every channel...