On Friday, Facebook announced that it had succeeded in taking down an extensive fake spam account operation. Their strategy was to target popular publishers with fake likes so as to gain more Facebook friends that the spammers would then in turn spam.
This operation has been going on for the last six months and was talked about in depth by Shabnam Shaik, a Facebook technical program manager, in a recent post on its security blog Friday.
These unknown groups behind the scam had created an extensive amount of fake accounts, which then began liking a publisher’s page and pushing out fake comments on to them.
The source of these accounts appear to be in Indonesia, Saudi Arabia, Bangladesh, and in several other countries, Shaik described.
These groups employed “advanced tactics to hide that their activities were part of a carefully planned strategy. They employed a variety of hacks to avoid being caught, like using proxies to redirect traffic in order to hide data associated with their location.
Facebook believes that the idea behind it all was to gain new Facebook friends by commenting on and liking these pages in order to find friends to spam. Facebook has stated how it has removed a great number of fake likes from the pages and estimated that 99% of pages affected with over 10 000 likes would not see more than a 3% decreases in their ‘like total.’
This is just the latest iteration of a cat and mouse game between the social networking site and spammers. Spammers are willing to play a long game in these operations, which means it can be hard to detect if an account is fake, said Zubair Shafiq, a computer science professor from the University of Iowa who studies Facebook security and fake accounts.
“In order for spammers to keep their fake accounts active and make more money, they need to make sure these accounts look real enough so that social networks don’t block them,” he said.
The campaign that was Facebook was able to stop did not look active yet, as they many of the accounts were dormant after liking a large number of pages. This suggests that “they had not been put into action in order to actually connect with real facebook users and then send spam messages to those individuals,” Shaik said.
Facebook was not willing to provide details into how many of its publishers’ sites were targeted by this spam campaign nor would they divulge how many fake accounts they had been discovered through their investigation.
But USA Today has confirmed it was one of the publishers that had been impacted by the spammers. The parent company Garnett had previously noticed and flagged suspicious activity it had observed on its page for Facebook.
Why create fake accounts? They are common in developing nations and can be a source of spam, have their potential likes sold, sell black market cyber tools or to boost someone’s ranking on a search engine.