Experts at security firms such as Sophos say they've seen the social network's security teams recently crack down on the "watch-this-video, count-your-visitors, see-who's-stalking-you" scams.
That slowdown, if it lasts, is good for Facebook users. But Chester Wisniewski, senior security adviser for Sophos' threat-research team, suggests it could forecast a coming shift. "If Facebook does a better job, we'll see attackers move somewhere else," Wisniewski said. "They might go to Twitter."
In the middle of March, Wisniewski saw a dip in the number of complaints Sophos received from Facebook users. Facebook security officials apparently are now setting thresholds on how fast pages can be liked. By slowing down the fast-growers, security analysts can see if users are actually clicking to like the page, or if it's instead picking up massive numbers because scammers are "likejacking" an unwitting user's friends list.
The list of recent Twitter scams -- and judging by the list at the bottom of this page, they look a lot like their Facebook counterparts -- suggests some scammer-migration already is happening.
Twitter users can help protect themselves with a little bit of knowledge.
The guts of how the scams work are often much the same. In most cases, a link appears -- apparently from someone you know -- claiming you can keep track of visitors to your page, or, as WalletPop's WebWatcher column recently reported, find out who's "stalking" you on the site.
Once you click through, you're prompted to add an application, but the only thing it really does is blast the initial link to your own list of contacts. Meanwhile, you get dumped into a survey, either adding to that page's traffic, and presumably its eventual revenue, or, worse, requesting information that can be used to charge you money.
On Twitter, the Facebook-like scams include, in recent months:
- The Twitter Visitor-Count Scam: Want to know how many people are peeping your Twitter account? Once you buy into that proposition, this bogus link shuffles you to a page that displays a random, fake visitor number. You're then prompted to take a test or survey, sometimes requiring a cell phone number to begin. Once you give your number, multiple weekly texts start to hit your mobile, costing you several dollars each.
- The Stalker Count Scam: This one made its way to Twitter in early March. It works in roughly the same way as the visitor count: You accept an application that blasts the invitation-link to all your friends, then land at a survey, helping to up that page's per-click totals.
- Time on Twitter Scam: This one claims that it will measure how many hours you've spent on your Twitter account. Back in February, it was making the rounds on Facebook. In March, it popped up on Twitter. The usual mechanism is at work: It hijacks your Twitter contacts list, then plops you into a survey.
- The Whale Tale: Here's one making the Facebook rounds but not impossible to imagine on Twitter: a link claims to direct clickers to a video of a tsunami-swept whale striking a building in Japan, after the March earthquake. Click the "video" on the page that follows and you're allowing a concealed bit of code to fire off a message to your Facebook friends that says you "liked" the link. All you get -- in the end -- is yet another questionnaire.