Facebook breaks up fake account ring targeting publisher pages
SAN FRANCISCO — Facebook announced Friday it has disrupted an extensive fake account scam operation that targeted popular publishers’ pages with false “likes” in an attempt to fraudulently gain more Facebook friends the scammers later planned to spam.
The company has been fighting the spam operation for six months, Shabnam Shaik, a technical program manager at Facebook, wrote in a post on its security blog Friday.
The unknown group behind the effort had created large numbers of fake accounts, which then “liked” the publishers’ pages and posted comments on them.
The accounts Facebook found were made to appear as if they were located in Bangladesh, Indonesia, Saudi Arabia and a number of other countries, Shaik wrote.
The group behind the activities used “sophisticated means that try to mask the fact that the accounts are part of the same coordinated operation. They used tricks to avoid detection, including redirecting their traffic through ‘proxies’ that disguised their location,” she wrote.
The social media company was able to remove a “substantial” number of fake likes from the sites, it said, estimating that all but 1% of the affected pages that had more than 10,000 likes would see a drop of no more than 3% in their likes.
It’s another example of the cat and mouse game between spammers and social networking sites. The spammers are playing a very long game, creating realistic looking accounts that like and comment on multiple pages, so the accounts can be used multiple times, said Zubair Shafiq, a professor of computer science at the University of Iowa who studies Facebook fake accounts and security.
“For spammers to be able to sustain their fake accounts and generate more revenue, they have to make these accounts look more realistic so it’s harder for social networks to block them,” he said.
The campaign Facebook stopped did not appear to have been activated yet, as the bulk of the accounts went dormant after liking a number of pages, Shalik wrote.
This suggests “they had not been mobilized yet to actually make connections and send spam to those people,” Shaik wrote.
Facebook did not give numbers for how many publishers’ sites were targeted by the campaign nor would it say how many fake accounts were tied to the attempt.
USA TODAY was among the publishers impacted by the spammers. Parent-company Gannett executives had previously noticed and flagged the suspicious activity for Facebook.
“USA TODAY NETWORK takes great pride in our journalism and the trust our consumers and advertising partners have in us. Since we first brought this issue to Facebook’s attention, we have been in close communication with them and look forward to a swift solution that prevents this illegitimate activity from happening on our Facebook page in the future,” said Maribel Wadsworth, the chief transformation officer of Gannett and USA TODAY NETWORK.
Thursday Facebook said it was rolling out a new program to find and kill off sham accounts by looking for patterns such as repeated posts of the same content or an increase in messages sent.
These accounts are typically created by illicit firms in developing nations and are used to send out spam, sell black-market cyber tools, launch credential-stealing posts or to “like” businesses in order to make them more popular on the site and also potentially to boost their rankings on search engines.