You gotta hand it to Facebook scammers. Every time the social network introduces a new way to share your information against your will, some devious slimeball figures out how to game it in order to make money.
Today I ran across a scam exploiting the open nature of Facebook – and demonstrating why making Facebook Pages and Groups opt out instead of opt in was such a stupid idea.
It couldn’t be simpler. Some unknown user added me as an administrator of a page titled “IPad2 Testers Wanted.” Clicking on that notification lead me to a bogus page with that name. Before I could even register a complaint, that page redirected to another Web page outside Facebook’s domain called Testandkeepappleipad2. Here I saw the following screen:
[img_assist|nid=163263|title=Facebook iPad 2 Tester scam|desc=|link=none|align=center|width=523|height=334]
Clicking OK led to a page called FreePrizeRewards.com, which is a classic Net marketing scam. Hand your information over to them (by completing 10 “sponsor offers”) and the odds of you actually receiving a free iPad are almost nil. However, you should plan to spend the next two years fending off telemarketing calls, junk mail, and sleazy spam offers.
[See also: Did Anonymous hack Sony? Baloney. ]
Pretty much every “free” iPad or Xbox offer circulating across the WebberNets for the past ten years has lead to some kind of site like this. FreePrizeRewards is registered to a company called Vision Survey Solutions, which is likely just a shell company for hundreds, possibly thousands, of other sites, all of which are built to collect cash payouts for what is euphemistically called “lead generation.”
Every time you sign up for some trial offer from, say, Netflix or the New York Times or VideoProfessor, these scammers collect money via one of those company’s affiliate schemes. By the time these companies track down the bad seed affiliates, they’ve moved on to another scam.
If you think this is an isolated incident, think again. A cursory search on Facebook turned up dozens, and possibly many more, nearly identical groups. After a while I just gave up counting.
[img_assist|nid=163265|title=facebook ipad 2 tester scam groups|desc=|link=none|align=center|width=587|height=529]
Fortunately this scam was relatively harmless – they just wanted my information so they could badger me endlessly with marketing offers. But it could have been much worse. Imagine a redirect that took me to a site with a drive-by malware install, for example. Or a phishing site that stole my login credentials. It’s a huge security problem. And given how prevalent it is on Facebook, it’s not clear whether Facebook is even aware of it, let alone knows how to fight it.
I know enough to not fall for a “free iPad” scam (and I hope you do too). But when you can get sucked in by merely clicking on a notification inside Facebook, that’s a systemic security problem Facebook needs to address, as soon as humanly possible.