Facebook Attacks Feed Fraudulent Affiliate Marketing Sites

SUNNYVALE, Calif., Dec. 28, 2011 /PRNewswire/ – Commtouch® (Nasdaq: CTCH) today published an in-depth analysis of 2011 Facebook attacks within its Internet Threats Trend Report, a year-end synopsis of Internet threats. The report and infographic present a comprehensive analysis of scores of malicious Facebook activities during the past year, as identified by Commtouch Labs.

Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to the report. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.

Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: “You have to see this!”

After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or “self-XSS,” each of which is described in the report.

In 48% of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on “like” or “share” buttons.

“Facebook scammers are out to make money, and affiliate marketing is a rich source,” said Amir Lev, Commtouch’s chief technology officer. “The same social engineering techniques that malware distributors and spammers have been using for years to induce people to open their unwanted mail or click on malicious links are being leveraged within Facebook and other popular social networks for ill-gotten gains.”

Leave a Reply