Facebook’s internal filter failed to catch political ads that were actually malware and scams: report

Tuesday, January 02, 2018 by

Facebook has been shown to have a propensity to remove, hide, or outright ban content that it doesn’t find acceptable for its pages. But it’s not uncommon to find stuff that’s not supposed to be on the site from time to time. Case in point: a political ad that first appeared on Facebook back in September of 2017 led people to believe that it was going to reveal something about President Trump and his approval ratings. But it was actually something more sinister.

Instead of revealing any information, the website that the ad was linked to tricked users into thinking that their devices were “infected with viruses, spywares and pornwares,” and gave them a tech support phone number to call. Computers became frozen shortly after the ad was clicked, which made some users think that they had a real problem. According to computer security experts who had kept an eye on it for more than a year, the ad was actually part of a huge scam that targeted unsuspecting victims on the social media platform, ProPublica reports.

As it turns out, this particular political ad — which used the headline, “New Approval Ratings For President Trump Announced And It’s Not Going The Way You Think” — was just one of many that ran on the site to bait users and later attempt to get money out of them. While this one targeted individuals who were mainly over 40 and labeled as “very liberal” by Facebook, other ads targeted other demographics. The ads used provocative statements and were centered around well-known individuals in the political scene, such as former U.S. President Barack Obama, Fox News commentator Sean Hannity, and presidential counselor Kellyane Conway.

Major problems

According to Jérôme Segura, lead malware intelligence analyst at anti-malware company Malwarebytes, there’s a lot of activity from scammers on social media because what they’re doing currently works. “Those political ads, especially right now if you look at the U.S., they are actually getting more clicks,” explains Segura. “Where there are clicks, there is going to be interest from bad guys.”

All in all, ProPublica says it was able to amass a total of 8,000 politically themed ads sourced from Facebook via its readers. They found many ads that didn’t adhere to Facebook’s guidelines, of which some turned out to be total scams. Some ads even went up despite being flagged by several different organizations, ranging from fact-checking groups to cyber-security services, and even the Federal Trade Commission (FTC), way before they showed up on Facebook.

This shows that Facebook’s internal filter couldn’t match the pace at which scammers operate, leaving its users open for tricksters and abusers. Outwardly, the company claims to be very tough on scams and malware but the above instances show that there are huge cracks in their armor.

Definitive actions

According to Rob Goldman, Facebook’s VP of ads, there’s a zero tolerance policy for malware on the site. However, that’s not the same thing as zero occurrence. As such, he says the company tries to simply be aware of everything that is going on and immediately take action as soon as they catch wind of anything that shouldn’t be happening.

Facebook COO Sheryl Sandberg, meanwhile, admitted in an interview with Axios that they had indeed missed “more subtle” election references because their main focus was on other things: malware and phishing, which tricks people into revealing their personal information and giving access to their online accounts. ProPublica rightly points out that it’s unclear whether Facebook can handle either of those two challenges.

Should the largest social network in the world be held more accountable for these instances of attack on its users? If nothing else, they should prevent these things from happening as soon as possible.

Read more about what’s happening with Facebook at MarkZuckerberg.news.

Sources include:

ProPublica.org

Axios.com



Comments

comments powered by Disqus