Responding to critics in the US Congress and elsewhere who say Facebook isnt doing enough to stop the flow of disinformation, the social network in recent days has purged hundreds of accounts it found were designed to sway elections, sow social division, and prop up ruthless governments. The focus has left an opening for scammers who routinely use Facebook to send unsuspecting users to fraudulent dating sites.
Randy Abrams, a senior security analyst at Webroot, told Ars that the account belonging to one of his family members was recently compromised. The people behind the compromise used the hacked account to send Abrams requests to like various accounts, which all showed images of scantily clad women inviting visitors to view videos. Many of the fake profiles had followers and likes in excess of 6,500, an indication the scam has been gaining traction. At the time this post went live, the campaign remained active, even after Ars reported it to the company's PR representatives.
The videos redirected to a variety of sites that invited viewers to meet nearby women who wanted sex. Many of the images on these sites showed nude women and asked visitors to enter credit card numbers to proceed. Clicking the browser's back arrow created an endless series of new sites. The only way to get out of the never-ending loop was to close the tab.
"I reported the pages repeatedly," Abrams said, referring to both the fraudulent profiles as well as the family member's compromised account, which for the past four days has been blasting out requests to like the profiles. "[Facebook] won't do anything about it."
Attention turned elsewhere
These types of scams were once the kind of thing Facebook scripts mostly caught on their own. And in the event scripts missed the pages, such campaigns were something Facebook would quickly eradicate once they were reported by users. As noted earlier in this post, however, the swiftness of scam takedowns was before there was widespread acknowledgement that Facebook has become one of the preferred platforms for spreading misinformation.
On Friday, according to The New York Times, the social network closed 251 accounts belonging to Americans who were amplifying false and misleading content in a coordinated fashion. On Monday, Facebook took down an unknown number of accounts with more than 1.3 million followers. While the clandestine accounts posed as sources for entertainment and beauty information, they were being secretly used by Myanmar's authoritarian government "to post lurid photos, false news, and inflammatory posts, often aimed at Myanmar's Muslims," the NYT said.
In an email to Facebook representatives, Ars provided links to 11 fraudulent profiles used in the dating scam campaign. Within a few hours, all 11 were taken down. Facebook, however, has yet to take down 11 other profiles being used in the same campaign. The compromised account belonging to Abrams's brother was also still active, and as of Monday afternoon, it was still being used to blast out requests for scam pages to users.
Examples of fraudulent profiles that remained active included:
hxxps://www.facebook.com/Sophia-George-405820036566366/
hxxps://www.facebook.com/Molly-Payne-181591389228057/
hxxps://www.facebook.com/Maya-Schmidt-236768240239896/
hxxps://www.facebook.com/Christine-Murphy-425039137971266/ and
hxxps://www.facebook.com/Maya-Patel-1005398432971886/
The pages all offered videos that linked to pages on Tumblr. When clicked, the Tumblr pages would quickly redirect visitors to adult dating sites. While there's no evidence the redirected pages are being used to exploit security vulnerabilities that could install malware on unpatched devices, no technical reason prevents the people behind the scam from doing so. Abrams found that the 11 live profiles had 73,973 followers and slightly fewer likes. It's hard to know how many of those followers and likes were from real users. The comments left on the profiles, however, appeared to be legitimate.
The scam pages share a variety of common characteristics, and in many cases they use the same profile pictures. This type of scam should be easy for a site as sophisticated and well-resourced as Facebook to uproot. But four days after Abrams began reporting it, the campaign remained active, with the exception of 11 profiles Ars reported to PR representatives.
The Facebook representatives have yet to explain why the security department is having such a hard time dismantling the campaign. People who use the site should remain alert.
[contf] [contfnew]
Ars Technica
[contfnewc] [contfnewc]