Maybe the hardest part of uncovering fraud is figuring out what it looks like. In the old days, that meant knowing the markings of a fake check, or even just counting the till and matching it to inventory. Now, it means watching out for phishing, identify theft, and social media cons. While some of that activity looks surprisingly human, a new study of Facebook Like farming suggests there are some tell-tale signs.
Two kinds of Like farming have been in the news of late. The firstinvolves creating a Facebook page (or Twitter or Tumblr or whatever) designed to attract attention with cute puppies, little girls with cancer, or fallen soldiers. If enough people click “Like,” it becomes valuable—the page’s owners can sell it off to marketers, who will then use it to advertise the next diet pill or $25 iPads to credulous Internet users.
If enough people click “Like,” it becomes valuable—the page’s owners can sell it off to marketers, who will then use it to advertise the next diet pill or $25 iPads to credulous Internet users.
But not everyone wants to sell to spammers—some people just want to get some momentum going. Facebook Likes send a signal that a product, coffee shop, or band has value and might be worth following. Like anything of value that takes work to get, there are people more than happy to sell you a shortcut. Real Fans Generator will sell you a thousand Likes, five thousand Twitter followers, or 200 Google +1s for 50 bucks. Social network companies don’t look favorably on the practice, but it’s anybody’s guess what it looks like in terms of readily available statistics, so it is not clear how to ferret it out.
To find out, University College London computer scientist Emiliano De Cristofaro and colleagues set up eight “honeypot” Facebook pages and paid four websites to harvest 1,000 Likes for one of the pages over the course of two weeks, using either United States-based or international users. For comparison, the team promoted five other pages using legitimate Facebook ads aimed at users in the U.S., Egypt, France, India, and worldwide. Each of the 13 pages, honeypot and legit, was called “Virtual Electricity” and contained minimal text: “This is not a real page, so please don’t like it.”
In some cases, Like-farm Likes came flooding in, all at once or in blocks of a few hundred a day spread out over a few days, though a few seemed to mimic the slower, steadier pace of legitimate Likes for pages advertised through Facebook. Similarly, the friendship networks of Like-farm likers differed from legitimate ones. One company’s Likes came almost entirely from a densely connected group of Facebook friends, while real likers didn’t have many other friends who’d Liked the same page. Like farmers were also generally older and more likely to be men than real likers.
The team concludes that while some Like farms are trying hard to cover their tracks, bought-and-paid-for Likes often exhibit some peculiar patterns that could be used to design fraud-detection algorithms. The team will present their work at the Association for Computing Machinery’s Internet Measurement Conference in November.