Facebook Events–a new vector for distributing spam

Facebook event spam notification in Notifications list - comes from a Friend

Facebook event spam notification in Notifications list – comes from a Friend


Spammers Using Facebook Events to Trick Users | ReadWrite

My Comments

Ever since its early days, scammers have used Facebook as a place to spam users with their shady schemes. Previously this was through running a message with a tantalising link surrounded by tantalising text on users’ Walls and this link would pass through to some unscrupulous site.

This has failed to work now that Facebook has achieved critical mass with users subscribing to different Groups, Pages and Personal Profiles including those that represent their interests. This situation leads to the News Feed, the user’s default view in Facebook, being full of various pieces of information from different sources.

But, over the years, Facebook introduced a notifications mechanism for events beyond potential Friend requests or comments left on a Status Update and users are more likely to check on what has been added to the Notifications list. Here, it also introduced the Event which a Facebook user can invite their Friends or Followers to depending on its settings and this allows the user to register whether they are attending or not.

Event page for spammy Facebook event

Event page for spammy Facebook event

This bas become a new path for distributing link-bait spam because these Events don’t come often in a user’s interaction with Facebook. Similarly, the default setup has it that Facebook treats the Events as something to generate a Notification about and it effectively shows up the red “Notifications” flag in the Web view while causing native clients to show a distinct alert message and audio prompt when these come in. For example, the mobile clients for iOS and Android would list the event in the mobile operating system’s Notifications tray while causing the phone to sound a distinct ringtone or the Facebook Windows clients will “pop up” a message on the Desktop with your computer sounding an audible chime.

As well, if you “accept” these Events, they will appear as a Status Update on your Wall (Timeline). Of course, it will require the user to click through to the Event page and this will show a URL for you to click through to for more details, most likely along with some tantalising pictures. These URLs are where the trouble occurs because it could lead to installation of malware on your computer or other questionable practices taking place and some of these URLs are infact obfuscated using URL-shortening services like bit.ly .

If these “event spam” notifications come from one of your Facebook Friends, don’t click on anything to do with the Event page. Rather, let your friend know that they are the victim of a spammer and suggest they change the password on their Facebook account and run a malware scan on their computer.

Leave a Reply