Why doesn't Facebook allow anonymous interactions

Spam marketing with Facebook apps: When your own account comments as if by magic

Facebook accounts that submit likes and comments on their own and at high frequency, without the actual owners of these profiles noticing anything, let alone having anything to do with it: thousands of Facebook users have evidently been affected by this spam phenomenon in the past few weeks. We explain who and what is behind it, how the whole thing works technically, and what the black market for Facebook apps has to do with it.

These are typical clickbait posts of poor quality that have been flushed into the news feeds of many users in the past few days because friends or acquaintances of theirs have liked or commented on them: “You will never put toilet paper on your glasses again after you've seen this”, “His girlfriend has two vaginas - the way they have sex is intense.” Or screenshots of fake WhatsApp conversations that are supposed to arouse curiosity about a photo which is cut off and can only be seen by clicking on the link.

Thousands of interactions on sites with hardly any fans

The mobile spam posts are flushed into the newsfeed of the friends of the users concerned

The posts were published by pages with titles that you wouldn't necessarily expect to be liked by so many German users, because the page names are often either in Portuguese or seem to be pure fantasy words ("Bahows Ly"). In other cases, the posts come from what appear to be fan pages with the names of widely used messaging apps such as WhatsApp or Snapchat in their title, mostly misspelled (“Snapchaat”). For almost all of the pages that we came across in the course of our research, the number of fans is in the one- to low three-digit range.

It is all the more astonishing that likes and/or comments in the four-digit range can often be found under the posts. Apparently, these interactions do not actually come from the owners of the respective accounts. The answers to several written inquiries from Online Marketing Rockstars to the users concerned suggest this. OMR reader Darius Karampoor has also documented several cases in which Facebook users encountered such activities on their own accounts and confirmed that they were not carried out by them. The Austrian portal Mimikama wrote last week that inquiries on this topic were “flooding” it.

Are Facebook Apps the culprit?

Another example of a post advertised using Facebook app spam

Often the account owners concerned do not notice immediately that their account is leading a life of its own, because these interactions do not appear on their own Facebook profile but are only shown in the news feeds and tickers of their friends. Only when friends ask those affected why they suddenly like or comment on such posts may they find out what has happened. The only way the affected users could come across it beforehand is by looking at the activity log of their own account (found in the menu that opens by clicking on the small triangle in the top right corner).

But how is it technically possible for thousands of Facebook accounts to post without the assistance of their users? Research by Online Marketing Rockstars suggests that it is above all so-called Facebook apps that the spammers work with in these cases. Facebook apps can perform a variety of functions. Often they handle the data exchange between Facebook and other applications. For example, if you want to log into Spotify or Netflix with your Facebook account, you have to allow the Facebook app of the respective service to access your profile. Facebook apps can also be games or dating applications (“Zoosk”) within Facebook, or personality tests that post the user's result on their Facebook profile after the test has been completed.

$50 on the black market

In the cases we examined, spammers apparently misappropriated Facebook apps. They may have previously bought apps that once served a completely different purpose and were therefore given access rights by the users. Now the new owners are using them to generate spam traffic.

Examples of threads trading in such apps can be found in forums. “I produce apps with 'publish_action' (i.e. the authorization to post on behalf of the user, author's note),” writes user “Chris - FB Apps” in the forum Blackhatworld.com in response to a request from a user. A script can be used to determine how quickly the accounts should like the respective posts; the rest takes place automatically. In response to inquiries from Online Marketing Rockstars, industry experts said that they had been offered several apps in a bundle at a price of 50 to 60 US dollars.

Our test account comments on its own

In one case, we were even able to reconstruct with a test account that such apps are used to like spam posts via users' accounts without their knowledge. The links in some of the posts we examined led via several redirects to Facebook apps, which then asked the user for permission to post in their name. Some of the apps looked like game or dating apps ("Angry Fish", "Exotic Match"). After we had given several of these apps the appropriate permission with our test account (which had not previously used any Facebook apps), the account soon also produced corresponding interactions without our doing.

The activity log of our test account shows that it automatically liked posts

A development comparable to that of the Facebook apps has already taken place in the area of browser extensions. A black market has also arisen there, through which add-ons change hands. It is not uncommon for the new owners of an extension to add new "functions" to it (possibly even through an automatic update), with which they can display additional or alternative advertising (called "ad injection") to users in the browser without their knowledge and make money from it.

Sometimes more than 40,000 clicks

In the cases we examined, what do the spammers get out of it when users like or comment on posts on Facebook? Traffic. Promoting the spam posts via purchased Facebook apps is a cheap way to generate reach. After all, the interactions are shown to the friends of those affected. The spammers almost always use a URL shortener such as Bit.ly or Goo.gl for their Facebook posts; the click statistics can almost always be viewed for these. Some of the posts we examined had click numbers in the four- to five-digit range.

The click statistics of a link that was previously posted on a Facebook page with the title "Whatsaapp" and promoted with Facebook app spam (source: screenshot)

It is not possible to reliably determine who exactly posted the posts and promoted them using spam methods. The posts that our test account interacted with contained links that redirected users across multiple pages. The first URL to which the respective link referred usually led to a domain under the top-level domain .site; the owner had always registered the domain via the “Whoisguard” feature from Namecheap and thus secured his anonymity.

Are Affiliates Behind App Spam?

Many of the posts we examined (including those from our test account) ultimately led to viral pages operated by the Westerwald-based company Me 4 U Media: 7ol.tv, Niedlich.tv and Wahnsinn.tv are part of the company's portfolio. Me 4 U also operates the cashface.de traffic marketplace, which mediates between owners of high-reach Facebook pages and operators of viral pages. There, Facebook page operators receive between four and six euros for every thousand users they redirect to viral sites. Many of the campaigns posted on Cashface lead to the company's own pages.

A look at the campaign backend of Cashface

It is not possible to say with certainty whether those behind the spam posts we examined are less reputable representatives of the affiliate marketing industry who sell traffic via Cashface and thus earn money, partly because of the multiple redirects. Other posts we examined led to websites of Funcloud, likewise an operator of various viral sites and of a partner program broadly comparable to Cashface.

Facebook apparently quickly deletes spam apps

If the ghost likes and comments come from affiliate spammers, Facebook apparently makes life difficult for them: the postings we examined (and also liked from our test account) were usually deleted after 48 to 72 hours, as were the apps that were used for them. Facebook is probably responsible for this, but we were not informed about the deletions by the network. "Facebook is very fast and very rigorous," says Patrick Konrad from Brand Audience, operator of the viral site Mein-wahres-Ich.de, among others. In the meantime, it is also very difficult to get an app approved by Facebook that wants users to approve posting in their name ('publish_action'). "You have to explain this to Facebook very precisely - and even then the chances are still slim." This is perhaps one of the reasons that spammers try to acquire older Facebook apps.

How can you protect yourself if you don't want to rely on Facebook to protect its own users? Anyone who has been on Facebook for a long time should check which apps can still access their profile (this is possible here) and delete unused apps - and be very careful in the future about giving apps the appropriate permissions.
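
The app review recommended above can be written down as a small triage routine. The following is an added example, not code from the article or from Facebook: the record format, app names, dates and the 180-day idle threshold are constructed assumptions, and the list of grants would have to be copied by hand from the account's app settings.

```python
from datetime import date

# The article writes 'publish_action'; the Graph API permission was named
# "publish_actions". Both spellings are matched here.
POSTING_PERMISSIONS = {"publish_action", "publish_actions"}

# Constructed sample records: app names, field names and dates are hypothetical.
SAMPLE_GRANTS = [
    {"app": "Music Login", "permissions": ["public_profile", "email"],
     "last_used": "2016-05-20"},
    {"app": "Old Quiz", "permissions": ["public_profile", "publish_actions"],
     "last_used": "2013-02-11"},
    {"app": "Photo Tool", "permissions": ["public_profile", "publish_actions"],
     "last_used": "2016-05-30"},
    {"app": "Forgotten Game", "permissions": ["public_profile", "user_friends"],
     "last_used": "2012-08-01"},
]


def audit_grants(grants, today, max_idle_days=180):
    """Return (app, action, idle_days) tuples, most urgent first."""
    rank = {"remove": 0, "review": 1, "remove-unused": 2, "keep": 3}
    findings = []
    for grant in grants:
        idle = (today - date.fromisoformat(grant["last_used"])).days
        can_post = bool(POSTING_PERMISSIONS & set(grant["permissions"]))
        if can_post and idle > max_idle_days:
            # Dormant app that may still post as the user: the kind of
            # grant a resold app depends on.
            action = "remove"
        elif can_post:
            # Still in use, but able to like and comment in the user's name.
            action = "review"
        elif idle > max_idle_days:
            action = "remove-unused"
        else:
            action = "keep"
        findings.append((grant["app"], action, idle))
    # Sort by urgency, then longest-idle first within the same action.
    return sorted(findings, key=lambda f: (rank[f[1]], -f[2]))


if __name__ == "__main__":
    for app, action, idle in audit_grants(SAMPLE_GRANTS, date(2016, 6, 1)):
        print(f"{action:14} {app} (idle {idle} days)")
```
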