Dude, you’ve just been ‘Likejacked’ by the Fortune 500

Facebook 'Likejacking' scams can fool even the savviest users. But behind the scammers lie some of the powerful marketing firms in the world.

Is that Facebook hottie you just friended interested in more than just being friends? Yes, but not in the way you might hope. She’s probably after your data, and possibly much more.

In a TY4NS post about the scourge of Social Media Spam last week I noted how easy it is for scammers to create bogus accounts they can use for spammy purposes. Even allegedly tech savvy types can be taken in. Exhibit A: A Facebook account for one “Jessica Ceceli,” which used photos of beguiling Japanese adult star Maria Ozama to lure unsuspecting geeks – including some highly recognizable tech journos – into befriending her.

Shortly after I posted that item Jessica changed her account name to “Nadja Castelle.” Everything else remained the same. 

At the time I conjectured that Jessica/Nadja was some kind of sleeper social media account created to cull information from influential journalists and maybe induce them to endorse products online. The real explanation is both simpler and more evil.

Further investigation reveals that Jessica/Nadja is trying to drive people to visit a series of Web sites that allegedly change their Facebook icons from blue to pink. She’s posting these links in French, possibly in the hopes that people will click them without taking the time to translate.

fb jessica now nadja wall post cropped.jpg

Visit fbeditionrose.com, editionroseplus.com, or nouvelleroseplus.com, however, and you could possibly catch something even nastier than you might get from Jessica/Nadja/Maria herself. When I tried to click those links, Norton Online Security threw up a big Do Not Pass Go, Do Not Collect $200 sign.

The reason? These sites employ a “Manual Sharing Scam” – better known as “Likejacking.” Click on them and they automatically post a notice on your wall saying you “Like” the site, in an attempt to spread virally. As your friends see this, they will allegedly take the bait, click the link, and spread the scam to other people.

fb jessica now nadja norton security 2-cropped.jpg

I got the site to load on my Apple iPad, where I discovered that it eventually lead to another site called Big Buck Surveys. There I was asked to surrender my email address and other personal information to get a chance at winning lunch at Taco Bell for a year. According to that bogus Facebook page, I had to fill out the survey to "verify" that I qualified for a pink Facebook logo.

fb jessica nadja bigbuck surveys 600p.png

No thanks, I’d rather gnaw my own foot off than eat a single lunch at Taco Bell.

Because the site can install software on your computer, this scam could also be used to a) infect your system with malicious code, b) steal passwords or financial data, c) recruit your computer into a zombie botnet, or z) all of the above. The names of one of the PHP scripts that run on these sites matches one found at Koders.com that uses an SQL injection flaw to steal passwords. Might be a coincidence, might not.

Using one of my secret identities I logged onto Facebook and friended J/N. He/she was apparently surprised by this, because a minute later J/N opened a chat window and started grilling me in badly fractured French. I responded using the remnants of my high school French class (thank you, Ms. Judy Hendrix) and Google Translate. Therein commenced possibly the most atrocious dialog in the historic of the Gaulic language – and mine was still better than J/N’s.

She said she was a 29-year-old florist, her real name was Cecelia and that “Nadja” was really the name of her neighbor in the Ivory Coast. She asked me if I was married and if I had an MSN account. She avoided answering my question about whether that was her real photograph. When I asked why so many of her FB BFFs were journalists, she decided she’d had enough of our little tete-a-tete and disconnected. So that part remains a mystery.

My guess: J/N lives in the Ivory Coast and this is her job – trolling Facebook for victims and collecting affiliate payouts for the suckers who bite. He/she is still out there trolling for victims as I write this, though I suspect not for long, as her account has already been flagged by at least one of her “friends.” No matter. She’ll just pop up again using another fake identity, and the cycle of scams will continue.

I don’t blame J/N for this though. I don’t even blame Facebook. I blame Q-Interactive, a lead generation firm that is the parent company of Vente, which in turn produces Big Buck Surveys and a thousand others like them. Ever heard of CoolSavings.com? That’s Q-Interactive.

These companies, whose clients include some of the best-known brands on the planet (General Mills, Walt Disney, American Express, Pepsi, Target), are essentially legal spammers. They dangle prizes in front of people to harvest their personal information, then sell it thousands of times to their clients, as well as the direct mail, email, and telemarketing industries. 

If there wasn’t a financial incentive for this kind of Facebook scam, it wouldn’t happen. Q-Interactive could police its affiliate networks for scammers, if it really wanted to. But that would cut down on leads and cost Q-Interactive money. The fact that these scams are so widespread is proof they’re doing an extremely poor job of that – if they’re even trying at all. 

Ticked off about Facebook scams? Blame the companies who profit from them.

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies