By now almost every Facebook user has probably come across one of those spam posts that appear as if one of your friends shared it. Technically they did, yet at the time they were completely unaware of it. The shared content in question is often related to some kind of app (e.g. one that lets you see who is spying on you by continuously visiting your profile) or some you’ve-got-to-see-this picture/video. Some of those posts are annoying but rather harmless; others can seriously damage your reputation or infiltrate malware into your browser if there’s insecure content (Flash videos, scripts, you know them) involved. People often wonder: “Why did this happen? I just wanted to see the cute little panda baby on that other site. I wasn’t even on Facebook!”
To keep your profile from being abused for spam like that, there are a few precautions to keep in mind, which also require you to understand how certain things work.
Enter the Like button. Put bluntly, the Like button is a mediator between your profile and the targeted content in question. If you like something, the link that directs people to the content will be shared in your Facebook profile’s timeline. The reason why you can see the Like button is the picture underlying the link. Now remove the picture from the equation, replace it with a 1×1 px transparent GIF or PNG image and you’ll get the invisible Like button. By now you should already see where this is going.
Find some content that people would actually like and stretch the transparent image in width and height to cover that content. Replace your invisible Like button link with a connection to the spam content you want to spread and voilà, there’s your spam Like button.
This is the stripped-down approach; there are many more ways to perfect this procedure. You can use scripts to avoid the suspicious link cursor when you place the button over some area that usually wouldn’t show that cursor in the first place. You may use a man-in-the-middle approach that performs the spam action and immediately directs you to the content you wanted to see, thus keeping you in the dark about what just happened. The list is almost endless.
There is one specific detail that all these click frauds have in common: you have to be logged into Facebook. If you’re logged out, you can’t post anything. If you can’t post anything, the Like button won’t work either. Just remember to actively click on the logout, because just closing the browser tab or window won’t log you out.
Here’s a list of some things you should keep in mind if you want to avoid spam on your behalf:
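Seen from the defending side, the stretched transparent image described above leaves a recognisable trace: a clickable element that is effectively invisible yet covers a large piece of visible content. The following check is an added example, not code from the original post; the record fields, thresholds and the `spam.example` URL are assumptions made for illustration.

```javascript
// Added example: heuristic check for an invisible click target laid over content.
// Records are plain objects; in a browser the fields would be read from
// getBoundingClientRect(), getComputedStyle(el).opacity and img.naturalWidth/naturalHeight.
const MIN_AREA = 100 * 100; // assumed threshold: ignore tiny elements such as tracking pixels
const MAX_OPACITY = 0.1;    // assumed threshold for "effectively invisible"

function area(r) {
  return Math.max(0, r.width) * Math.max(0, r.height);
}

function overlapArea(a, b) {
  const w = Math.min(a.x + a.width, b.x + b.width) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.height, b.y + b.height) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// Invisible = nearly transparent, or a 1x1 image (the post's transparent GIF/PNG).
function isInvisible(el) {
  const pixelImage = el.tag === 'img' && el.naturalWidth <= 1 && el.naturalHeight <= 1;
  return el.opacity <= MAX_OPACITY || pixelImage;
}

// Report clickable, invisible elements that cover at least half of visible content below them.
function findHiddenClickTargets(elements) {
  const findings = [];
  for (const el of elements) {
    if (!el.clickable || !isInvisible(el) || area(el.rect) < MIN_AREA) continue;
    const covered = elements.filter((o) => o !== el && o.zIndex < el.zIndex &&
      !isInvisible(o) && overlapArea(el.rect, o.rect) >= 0.5 * area(o.rect));
    if (covered.length > 0) {
      findings.push({ id: el.id, href: el.href, covers: covered.map((o) => o.id) });
    }
  }
  return findings;
}

// Constructed sample page (not taken from a real site).
const SAMPLE_PAGE = [
  { id: 'video', tag: 'video', clickable: false, opacity: 1, zIndex: 0,
    rect: { x: 0, y: 0, width: 640, height: 360 } },
  { id: 'overlay', tag: 'img', clickable: true, opacity: 1, zIndex: 10,
    naturalWidth: 1, naturalHeight: 1, href: 'https://spam.example/share',
    rect: { x: 0, y: 0, width: 640, height: 360 } },
  { id: 'pixel', tag: 'img', clickable: false, opacity: 1, zIndex: 0,
    naturalWidth: 1, naturalHeight: 1, rect: { x: 700, y: 0, width: 1, height: 1 } },
  { id: 'like', tag: 'button', clickable: true, opacity: 1, zIndex: 0,
    rect: { x: 0, y: 380, width: 80, height: 20 } },
];
console.log(findHiddenClickTargets(SAMPLE_PAGE));
```

On the constructed page only the stretched 1×1 image over the video is reported; the ordinary tracking pixel and the visible button are left alone.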
- If you don’t use Facebook, log out!
- If you come across a video or anything that requires you to “like” it first, go away! This behavior is not the way serious sites work.
- While you’re logged into Facebook, watch carefully what your friends liked. Usually if people share something, they add some kind of comment. Shares without a comment come from other sites’ Like buttons and were not manually entered. This is fine, but at least have a look at the link’s address and keep in mind what kind of person shared this post. When in doubt, don’t click on it!
- And of course, the usual: use a safe password. Remember, your user login name is your e-mail address, so anybody who knows that address can enter it and try your 12345 password.
- Use secure browsing on Facebook and think twice before you acknowledge apps that require you to leave secure browsing.