There's been a recent resurgence of Facebook scam pages, promising everything from Samsung Galaxy S IV handsets to free Playstation 4 consoles. You should avoid them like the plague, but people don't. How do these scams work, though?
I've been getting really annoyed at the number of "Like our page and WIN FOR DOING ABSOLUTELY SOD ALL" scams that have been popping up in my Facebook feed recently. Gently and quietly I've been trying to educate those in my friends list, but it seems like a never-ending task. It's easy enough to say that there's no such thing as a free lunch, and that you should use your brain before you click on a dodgy link, but what exactly is in it for the scammers? With reference to the recent Samsung Galaxy S IV page and Playstation 4 page scams, I asked AVG's local Security Advisor, Michael McKinnon, for his view on each of the pages in turn.
For the Sony Playstation 4 page (which, again, just for the sake of security, I won't link -- but it is still there), it links quickly through to a classic survey scam. In order to get the prize -- in this case, a purported Playstation 4 Beta unit -- you've got to first fill out what appears to be a consumer survey. McKinnon says that the surveys are a form of Cost Per Action advertising "that could be earning the scammer anywhere in the range of USD$1 up to USD$10 or more (depends entirely on the campaign) per completed survey."
Not everyone will click the link or complete the survey, however. "As a rule of thumb, most base conversion rates start at 1%," McKinnon says. "Therefore from 9,935 likes, let's assume 100 people have completed at least one of these surveys. That's anywhere between USD$100 - USD$1,000 for such a stunt. And not a bad earner if you're in a country with a much weaker currency than the greenback!"
What, though, of the Samsung Galaxy S IV page, which in recent days has also offered a "Galaxy Note III"?
At the time I was chatting over email with McKinnon, it appeared to be relatively harmless with no exterior nasty links at that point. According to McKinnon, "When there are no clear motives or evidence of a criminal operation in play, these things often get labelled as being 'black hat SEO' (among other names), usually for the purpose of scamming the Facebook system for extra traffic, or trading of pages, likes and even fake friends. Sometimes, however, these operations are the precursors to grooming potential victims and creating a pipeline for exploiting later."
That also highlights one of the most common responses I get when pointing out that these things are fake: "they know that, but what harm can it do?"
The problem there is that even just by liking it, you're expanding the focus of the page, making its reach larger and giving it legitimacy that it just plain doesn't have. That's presuming that it's not going to turn nasty at some later point. That's exactly what's happened with the Galaxy S IV page. When I went to check it for the purposes of this article, they'd since added a link for shipping details… which hooks straight back into a survey scam.
McKinnon points out that Facebook is working to minimise the scam problem: it has its own security page, as well as arrangements with security vendors (including AVG) to spot malicious links as quickly as possible and shut them down. Based on the number of these things that seem to be popping up, I'd say that Facebook has its work cut out for it.