Facebook Sues Over ‘Likejacking’ Scam

Facebook is suing marketing firm Adscend Media in an effort to target what it described as a “clickjacking” or “likejacking” scam that has propagated junk links to millions of users and allegedly grossed Adscend millions in advertising revenues.

The scheme involves tricking users into clicking on ‘Like’ buttons by hiding them beneath another graphic, or requiring them to ‘Like’ a page before they can view promised content, most of which doesn’t exist, Facebook said in the lawsuit.

Provocative content

In one case, Facebook said, the ‘Like’ button was overlaid with what appeared to be a link to content about a man who had taken a photograph of his own face every day for eight years. When users attempted to access the content, they unknowingly clicked on the ‘Like’ button.

The use of the ‘Like’ button propagates the content to the rest of the user’s network of contacts, adding to its effectiveness because it appears to be recommended by someone known, Facebook said.

In other cases users were told they must fill out a form containing personal information or sign up for an advertising offer before accessing provocative content, Facebook said.

Facebook said that in February 2011 alone some 280,000 users visited Adscend’s bait pages, making it likely that millions of Facebook users have been exposed to the scheme so far.

Adscend has grossed up to $1.2 million (£760,000) per month in advertising revenues through the scheme, according a related lawsuit by the attorney general for Washington State.

“We don’t ‘like’ schemes that illegally trick Facebook users into giving up personal information or paying for unwanted subscription services through spam,” said Rob McKenna, Washington’s attorney general, in a statement.

Security concerns

Adscend denied it had participated in the scam: “At no time did we engage in the activity alleged in the complaints,” the company said in a statement.

The company said it was investigating whether its affiliates may have engaged in clickjacking schemes.

“If they did, we are fully certain that the activity was conducted without the company’s knowledge,” the company stated. Adscend said it may file a defamation action against Washington State and Facebook.

Facebook has faced criticism over the security of its social network, but said that currently spam accounts for less than 4 percent of the content shared on the site.

The company compared its security efforts to an “arms race”.

Sophos security expert Graham Cluley said users need to be more aware of potential scams on social networks.

“Remember to be wary of any suspicious links,” he said in a blog post on Friday. “If you really want to watch a video chances are that it’s available for free – without you having to complete any surveys – on legitimate video sites like YouTube.”