Discuss as:

Facebook sues to stop 'likejacking' scammers

UPDATED Jan. 27, 4:45 p.m. PT

Spammers have come up with a sneaky new way to distribute their message via social media. They get you to do it. 

The scam is called “clickjacking” or “likejacking.” The spam scammers hijack your Facebook account by getting you to “like” them – whether you realize it or not – which spreads the spam to all your Facebook friends. 

Facebook and the Washington state Attorney General Rob McKenna filed separate lawsuits Thursday against the co-owners of an online advertising company called Adscend Media, LLC. Both suits claim the company violated the federal CAN-SPAM Act of 2003. 

“These spammers exploit the fact that social media engages us in an exciting new way,” McKenna said at a news conference at Facebook’s Seattle office. “Social media revolves around trust. The reason we like it is that we count on our friends to recommend news stories, books, television shows and movies to watch. Spammers are now exploiting that trust.” 

The AG’s complaint says Adscend and its affiliates send messages to Facebook users that appear to be from a friend. These bogus posts contain a link to seemingly salacious or provocative content, such as “Cannot BELIEVE a 2 year old is doing THIS,” or “{Video} OMG! See what happened to his Ex Girlfriend!” 

The goal is to get you to a “bait page” that appears to show the promised content. But it’s blocked by a message box that looks like it came from Facebook (it didn’t) that says an “Age Verification” or “Security Check” is required. In either case, you need to complete a short “survey” to unlock the video. 

The survey page has links to a half dozen or more advertising websites that pay Adscend per click. These sites collect personal information and may require the user to buy something. 

The complaint also claims this advertising scheme is designed to “propagate itself virally throughout the Facebook system.” 

Before being directed to the bait page, the user is asked to “Like” the page or click a box to continue. There’s no way for you to know that the “continue box” is booby-trapped. Click it and you’ve “liked” the spammer’s Facebook page. 

Either way, the advertisement for the bait page is posted to the user’s Wall or Timeline and is published in the Facebook News Feed to all of the user’s Facebook friends. 

Facebook says it’s been hard at work trying to block this sort of spam. 

“Security is an arms race, and that’s why Facebook is committed to continually improving our safeguards while also pursuing and supporting civil and even criminal consequences for bad actors who target our users,” Facebook general counsel Ted Ullyot said. 

Would anyone fall for such a scheme? Facebook says it believes Adscend earns more than $20 million a year doing this. 

In a statement released Friday, Adscend Media said:

Adscend Media, LLC today vehemently denied the allegations in complaints filed yesterday by the Washington Attorney General’s office and Facebook and characterized them as “absolutely and unequivocally false.”

For years, we’ve been told about the dangers of clicking on a hyperlink in an email. Now, that same warning applies to Facebook posts. Be on guard. If that it doesn’t look like something your friend would post – trust your instincts and check with them before you click. 

If you get sucked into a likejacking scheme, and you’re being led through a series of screens – assume it’s a scam. STOP! And back out before you give personal information or buy anything. 

If you find one of these booby-trapped posts on your wall, delete it and notify Facebook. They have people who work around the clock to stop illegal spam. 

More info:

 Washington state AG and Facebook target “clickjackers”