Spam is more effective via Facebook than email – but people are catching on fast. That’s the conclusion from anti-virus firm F-Secure, quoted in this story in Information Week.
Sean Sullivan, a security adviser at F-Secure, studied two recent spam campaigns that purported to be about a McDonald’s “Happy Meal Horror” and used bit.ly short links. Sullivan found a statistics dashboard tied to the attack and discovered that the spam campaign had netted a combined 32,000 clicks and 15,000 “likes” on Facebook. One link had a conversion rate of clicks to likes of 40% and the other 48%. His blog post on F-Secure lays out all the details and makes for quite interesting reading.
In terms of spam, “40% is an excellent conversion rate, much better than e-mail spam,” said Sullivan. “However, the 32,000 clicks is far less than similar spam from just two months ago when we saw several examples of viral links that yielded hundreds of thousands of clicks.” The links pointed to a cost-per-action survey but few people actually filled this out.
Sullivan said the good news was that people seemed to be growing wary of Facebook spam, but the bad news is that the attacks would likely continue because it didn’t take many people filling out surveys or signing up to bogus SMS subscriptions in order to make it worthwhile for the spammers.
A number of Facebook users have had their accounts compromised, allowing spam to spread on Facebook through status updates, chats and private messages. Generic email spammers have also been masking their emails as Facebook messages to encourage higher click-through rates, in a variation of a phishing scam.
Facebook is taking all this very seriously and is aggressively filtering many pages. The social networking site has also joined the board of directors of the industry-wide Messaging Anti-Abuse Working Group.
I’m not hopeful for a solution. In two decades of the World Wide Web, we’ve yet to eliminate email spam. The best we’ve managed to do is develop robust spam filters and train people to recognize spam for what it is. Yet clearly spammers still find it worth their time to send dodgy emails and to go to great lengths with proxy servers and the like to do so.
Like email spam, I imagine that Facebook spam will exist as long as there are people who are fooled long enough to click and spread the message. Hopefully that number will decrease in time as education efforts take effect. And perhaps some sort of technical solution can at least reduce the volume or filter messages for review.