Tag Archives: facebook

Facebook Attacks Clickjackers

Leave a reply

Today The Official Merchant Services Blog takes a look at one of the latest and most twisted developments in online marketing: Clickjacking. This topic comes up because of a new lawsuit that is making the news. Facebook has filed a lawsuit against the company Adscend Media. The suit claims Adscend developed targeted spam campaigns and encouraged others to spread spam using a variety of tactics — including clickjacking.

According to Wikipedia, Clickjacking — also called User Interface redress attack, UI redress attack, or UI redressing — is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. A vulnerability across a variety of browsers and platforms, a clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function.

Joining Facebook in filing against Adscend Media was the Washington State Attorney General Rob McKenna. A statement released by McKenna says: “We don’t ‘like’ schemes that illegally trick Facebook users into giving up personal information or paying for unwanted subscription services through spam. We applaud Facebook for devoting significant technical and legal resources to finding and stopping scams as soon as possible – and often before they even start. We’re proud to join forces in order to protect Washington consumers.”

In addition to Adscend, Jeremy Bash and Fehzan Ali, co-owners of the company, are named in the suit.

Jacking for Likes

Here’s how clickjacking scams, such as the ones described in this lawsuit, work:

Scammers design Facebook Pages to look like they will offer visitors an opportunity to view provocative content. They then require the user to complete a series of steps before they can view the content. These steps are designed to lure Facebook users into visiting websites that deceive them and get them to reveal their personal information. In terms of what this particular lawsuit is focusing on, Facebook users are encouraged to click the “Like” button on the scammers’ Facebook Pages. These like-clicks then alert the user’s friends to the existence of the scammers’ page. Then they are told that they cannot access the content unless they complete an online survey or advertising offer.

In one example noted in the complaint, the scammers overlay the Facebook “Like” button with a link that promises to reveal the results of: “This man took a picture of his face every day for 8 years!!” Of course, the promised content often does not exist and the tricked user is then directed through a series of prompts taking them off of Facebook and through a host of unrelated advertising and subscription service offers, where the scammers receive money for each misdirected user.

In another example, a Facebook user would see a link to a video on a friend’s wall. If the user clicked on the link, a pop up would appear asking the user to verify their age. Clicking on the verification box, the user would unknowingly share the video on their own Facebook wall.

In some cases, Facebook users don’t even need to click the “like” button to spread the spam on their Facebook pages. In the process called “clickjacking,” a hidden code in enticing-looking links activates Facebook’s “like” function and puts it on the users’ friends’ news feeds.

How this Affects SEO

We bring up this lawsuit to draw attention to this black hat and negative advertising practice. It can have a big impact on SEO and online marketing for businesses. Spam is never good and so on the most basic level if you get your own Facebook page wrapped up even indirectly with this type of scam, Facebook could take action against your business page. Beyond just that, there’s the negative PR that comes from being linked to a spam scam. If people think you are spamming them, you’ll lose more “fans” and “likes” than you would ever gain by the scam campaign.

Facebook is a powerful marketing tool, but as a merchant you should be aware of the pitfalls and obstacles you can encounter while using it. Stay on top of issues like this, and you can avoid any potential long-term harm to your SEO and consequently your business.

What to do if You Get Scammed

If you do make the mistake of clicking on a link spread via a clickjacking scam, follow these easy tips to lessen the damage:

  • Check your Facebook news feed and remove any offending links that you might have spammed out to your friends.
  • Hover your mouse over the top right hand corner of the post and you should see a small “x” which will allow you to remove it.
  • If you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.
  • Remember to be wary of any suspicious links. If you really want to watch a video chances are that it’s available for free — without you having to complete any surveys — on legitimate video sites like YouTube.

Going forward, it’s essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Keep following The Official Merchant Services Blog, or the Host Merchant Services Facebook Page, as we routinely update both with the latest news and information on any tech industry issues that affect businesses and merchants.

Adscend Denies Clickjacking

According to this Computerworld article, Adscend Media has denied the allegations filed against them. The company said in its own statement responding to the filing of the two lawsuits, “At no time did we engage in the activity alleged in the complaints.”

The article also states that Adscend is pointing the finger at its own affiliates, claiming their customers shoulder the culpability: “Adscend is hired by advertisers that pay the company each time someone clicks on their page or advertisement. Adscend in turn often hires affiliates to drive traffic to the sites. It’s those affiliates that Adscend is now pointing a finger at. ‘We are undertaking an investigation to determine whether any of Adscend Media’s affiliates engaged in the activity alleged by the Attorney General’s office and Facebook. If they did, we are fully certain that the activity was conducted without the company’s knowledge,’ the company said in its statement.”

The Washington Attorney General’s office doesn’t buy that claim and replied in the suit that: “Defendants create and provide their affiliates with technology that is designed to deceive Facebook users into visiting websites that pay defendants for the referral traffic. Defendants encourage and pay their affiliates to create Facebook pages that are titled and designed to ‘bait’ users into visiting other websites.”

Mobile Gift Cards

Leave a reply

The Official Merchant Services Blog continues its ongoing coverage of the upcoming holiday shopping season and how it will impact the thriving E-Commerce industry. Yesterday’s blog took a look at some of the statistics revolving around 2010’s holiday shopping profits as well as detailing a trend among online shoppers to begin their holiday shopping in the summer months. We also promised that today’s blog would show how gift cards and gift certificates were being taken a step forward.

Mobile Gift Cards

Gift Cards are going digital this year, with the onslaught of a variety of providers who will give people purchasing power of gift cards sent directly to their mobile phones. This Fox News story touts mobile gift cards as the “cool” and “sophisticated” new gift giving idea. The article cites the success of coffee giant Starbucks this year with Mobile Gift Cards, and suggests that others are following that blueprint. Starbucks had some compelling numbers to underscore the success of their mobile gift card program according to the article:

“”Within nine weeks of the national launch of mobile payment, customers paid more than 3 million times using our mobile payment application in stores and this number continues to grow at a steady rate,” says Adam Brotman, senior vice president of digital ventures for Starbucks Coffee Co.”

A mobilesyrup article features the Mobile Gift Card for apps from Toronto-based Mobiroo. And a San Francisco Chronicle article looks at Giftly and its Mobile Gift Card product. It’s a new trend that looks to make a big splash in the 2011 holiday season.

How Do They Work?

2011 Holiday Season logoThe standard way Mobile Gift Cards are designed to work is: The card is sent via email, Facebook or text. The recipient is notified that he or she has a Gift Card, and can take their smartphone into the store and use it immediately. The store clerk simply scans a bar code from the recipient’s phone, and the card is applied to the balance.

Unfortunately, as has been pointed out by Host Merchant Services in previous posts about Mobile Payments not quite taking hold in the U.S., this standard process doesn’t always work out. Many retailers are not physically equipped to handle such a process. So if the bar code can’t be scanned, Mobile Gift Cards can still be used by consumers if they print out the coupon prior to going shopping, or if they input the gift card number at a website or point-of-sale terminal.

The obvious convenience of Mobile Gift Cards is that they work seamlessly with e-commerce and online shopping. You get a coupon code on your mobile device, and then can input that number at the website where you are shopping.

Follow the Leader

The Fox News article noted that Applebee’s, California Pizza Kitchen and Target all offered Mobile Gift Card options this year. The mobilesyrup article about Mobiroo cited the old school hook of the idea, stating that “Gift cards are a symbol of a bygone time when analog ruled and retailers yielded more to foot traffic than mouse clicks. But according to Mobiroo CEO Vinay Chopra, old is new again.”

Mobiroo, according to Chopra, sees Mobile Gift Cards having quite a lot of potential in the marketplace because of smartphones themselves, specifically the apps people use and purchase for their phones. But Mobiroo is still using a physical Gift Card, with a scratch-off area that gives a code to redeem for use in an App store, and Chopra sees this as a stocking stuffer item for the holiday shopping season.

Giftly, on the other hand, is following the example set by Starbucks and others, and makes a completely digital process available. According to the San Francisco Chronicle article: “When a Giftly card is purchased, the buyer’s credit card is charged. When the recipient opens the card on their mobile phone in the store, Giftly check their location. Once Giftly confirms that the recipient is at the right venue, the gift money is unlocked.  Giftly then send the money as a credit card reimbursement to the recipient. The recipient then purchases the product at the cash register per usual. The merchant doesn’t have to be told about the Giftly — the service is completely a location-based redemption. Unlike most gift cards, Giftly allows the buyer to select up to three venues where the recipient can spend the money.”

All Giftly cards are delivered via e-mail and redeemed on a mobile phone. They allow you to send gifts unbound by location. It adds convenience to the shopping process, which is a core element that is going to make it popular with consumers. By allowing consumers to digitally forward purchasing power to friends and family wherever they happen to be, the shopping process gets that much faster and easier, making mobile gift cards an attractive option for holiday shoppers.

Tomorrow we’ll touch on a topic brought up by this blog, taking a closer look at apps as gifts in the upcoming holiday season.