So I was wasting time on Facebook yesterday, procrastinating my 237 overdue deadlines, when I noticed something odd. In my news feed I saw that my long-time friend Kim had liked “fi uoy nac daer siht sserp ekil.” (If you can read this, press like.) Warily, I clicked the link included in her post. It was dead – Facebook had killed it, citing complaints that it was abusive.
I scrolled down my news feed. More weird “likes” jumped out.
Trevor had liked “Don’t ask for my opinion and get mad when I tell you the truth.”
Fabrice had liked “I feel sad today please LIKE me to make me happy.”
Palwinder had liked “People who make an effort to stay in your life, no matter what happens.”
Bennett had liked “When life gives you lemons, throw them back and demand chocolate.”
My first thought was that their accounts had been clickjacked – hijacked by nefarious scammers who use Facebook’s like feature to install malware on their systems. But no. When I contacted them, most of my friends remembered seeing these statements in their news feed and reflexively hitting the “like” button.
The truth was much simpler and yet somehow slimier than clickjacking. It was “Like” spam.
Every one of these vague, easily endorsable statements linked to a different “like” portal – extremely similar sites with names like FBlike, Img-Mee, and LikePortal – whose entire purpose is to lure people in using Facebook’s Like API and get them to click on ads.
One ad, on a Like portal called Blored, leads to a “quiz” about Apple iPads that ends with an entry form for you to enter your cell phone number.
If you’re stupid enough to do that, your wireless account will automatically be charged from $7 to $20 a month, depending on your provider, for the chance to “win prizes” from PrizeKing.com. The owners of Blored pocket $6 to $9 for each sucker they get to sign up. Nice.
This isn’t illegal. It is, however, extremely slimy. And Facebook’s new “Like” feature makes it all possible. Isn’t that special?
It took about a month for spammers to figure out how to exploit Facebook’s Like button – first for malware, and now for spam. I’m sure that’s not what Facebook intended. But now we, and they, are stuck with it. And if it proves profitable for the Like spammers, well, you might as well kiss the Like feature goodbye. I don’t put much faith in Facebook being able to solve this problem. There will be so much spam that “Like,” like email, will be rendered more trouble than it’s worth.
Thank you, Facebook, for adding yet another annoyance to our digital lives.
By the way, if you do suspect your account has been clickjacked, Sophos Security’s Graham Cluley suggests you do the following:
“If you do believe you have been "likejacked", or if you have simply "Like"d a page and have decided you've now changed your mind, here's what you do:
* Remove the update from your newsfeed (so your friends will no longer click on it)
* Enter Edit profile/Likes and interests and remove the "Liked" page from your list of Pages you like (you may have to click on "Show other Pages")
* Go to "Privacy Settings" and edit your settings for "Applications and websites" in order to check that you have not inadvertently added any unwanted applications.
* Be more careful next time!”
He also suggests that using Firefox with the free NoScript plug-in will curtail clickjacking attempts. It won’t do a damned thing about Like Spam, though.