Homepage / Technology / Facebook allowed political ads that were actually scams and malware
Amazon says this Prime Day was its biggest shopping event ever Kudlow says President Trump is 'so dissatisfied' with China trade talks that he is keeping the pressure on As stocks regain their footing, an ominous warning looms Goldman Sachs downgrades Clorox to sell, says valuation is 'unsustainably high' How Satya Nadella has spurred a tripling of Microsoft's stock price in just over four years Kudlow says economic growth could top 4% for 'a quarter or two,' more tax cuts could be coming The one chart that explains Netflix’s stunning comeback US housing starts plunge 12% in June to a nine-month low Aerospace titans Boeing and Airbus top $110 billion in orders at Farnborough Target uses Prime Day to its advantage, logging its 'biggest online shopping day' so far this year Billionaire Marc Lasry sees bitcoin reaching up to $40,000 as it becomes more mainstream and easier to trade These are the 10 US airports where you're most likely to be hacked Amazon shares slightly higher as investors await Prime Day results Wreck of Russian warship found, believed to hold gold worth $130 billion A bullish ‘phenomenon’ in bond market is weeks away from fading, top credit strategist says Stocks making the biggest moves premarket: MS, GOOGL, TXN, UAL, NFLX & more Twitter shares up 50% since late April means most upside priced in, analyst says in downgrade EU fines Google $5 billion over Android antitrust abuse Mortgage applications fall 2.5% as buyers struggle to find affordable homes America may not have the tools to counter the next financial crisis, warn Bernanke, Geithner and Paulson Investors are getting spooked as the risk of a no-deal Brexit rises EU expected to fine Google $5 billion over Android antitrust abuse Ex-FBI chief James Comey urges Americans to vote for Democrats in midterm elections Elon Musk apologizes to British cave diver following baseless 'pedo guy' claim Disney, Comcast and Fox: All you need to know about one of the biggest media battles ever Xiaomi shares notch new high after Hong Kong, mainland China stock exchanges reach agreement The trade war is complicating China's efforts to fix its economy European markets set for a strong open amid earnings; Google in focus Hedge fund billionaire Einhorn places sixth in major poker tournament The biggest spender of political ads on Facebook? President Trump Asian stocks poised to gain after Fed's Powell gives upbeat comments; dollar firmer Stocks are setting up to break to new highs Not all FAANG stocks are created equal EU ruling may be too little, too late to stop Google's mobile dominance Cramer explains how Netflix's stock managed to taper its drop after disappointing on earnings Airbnb condemns New York City's 'bellhop politics,' threatens legal retaliation Amazon sellers say they were unfairly suspended right before Prime Day, and now have two bad choices Investor explains why 'duller' tech stocks can have better returns than 'high-flying' tech names Elon Musk is 'thin-skinned and short-tempered,' says tech VC Texas Instruments CEO Brian Crutcher resigns for violating code of conduct Google Cloud Platform fixes issues that took down Spotify, Snapchat and other popular sites Uber exec: We want to become the 'one stop' transportation app 'What a dumb hearing,' says Democrat as Congress grills tech companies on conservative bias Amazon shares rebound, report says Prime Day sales jumped 89 percent in first 12 hours of the event How to put your medical history on your iPhone in less than 5 minutes Investment chief: Watch these two big events in 2018 Even with Netflix slowing, the market rally is likely not over Cramer: Netflix subscriber weakness debunks the 'sky's the limit' theory on the stock Netflix is looking at watch time as a new area of growth, but the competition is stiff Why Nobel laureate Richard Thaler follows Warren Buffett's advice to avoid bitcoin Rolls-Royce is developing tiny 'cockroach' robots to crawl in and fix airplane engines After Netflix plunge, Wall Street analysts forecast just tame returns ahead for the once high-flying FANG group Roku shares rise after analyst raises streaming video company's price target due to customer growth China is investing 9 times more into Europe than into North America, report reveals Amazon says US Prime Day sales 'so far bigger than ever' as glitch is resolved Netflix is on pace for its worst day in two years US lumber producers see huge opportunity, rush to expand San Francisco to consider tax on companies to help homeless Homebuilder sentiment, still high, stalls as tariffs, labor and land drive up costs Powell backs more rate hikes as economy growing 'considerably stronger' Netflix history is filled with big stock declines – like today – followed by bigger rebounds Intel shares get downgraded by Evercore ISI due to rising competition from Nvidia, AMD Petco aims to reinvent the pet store with something you can't buy online Genetic testing is coming of age, but for consumers it's buyer beware Tech 'FAANG' was the most-crowded trade in the world heading into the Netflix implosion, survey shows Netflix weak subscriber growth may indicate a 'maturity wall' that could whack the stock even more: Analyst This chart may be predicting the bull market's demise Wall Street says Netflix's stock plunge is a ‘compelling’ buying opportunity because the streaming giant ‘never misses twice’ Tesla sinks after Musk tweets, again Boeing announces new division devoted to flying taxis Stocks making the biggest move premarket: NFLX, UNH, GS, AMZN, WMT & more Deutsche Bank downgrades Netflix, but says big subscriber miss is not 'thesis changing' IBM is experimenting with a cryptocurrency that’s pegged to the US dollar North Korea and Zimbabwe: A friendship explained Virgin Galactic spinoff Orbit to launch rockets from the UK with space deal Artificial intelligence will create more jobs than it destroys? That’s what PwC says ‘Treasonous’ Trump and ‘Putin’s poodle:' Scathing headlines follow the Trump-Putin summit China’s fintech companies offer ‘enormous’ opportunity, investment manager says Trump's performance at summit with Putin was 'unprecedented,' experts say Walmart and Microsoft link up on cloud technology as they both battle Amazon European stocks seen mixed amid earnings; Fed’s Powell to address Congress How I knew I should quit my day job and run my start-up full-time: Viral website founder China's stocks have been trounced, but the trade war may ultimately be good news for those shares Billionaire tech investor Peter Thiel bets on crypto start-up Block.one Asian shares subdued open after mixed close on Wall Street; energy stocks under pressure Amazon cloud hits snags after Amazon Prime Day downtime Netflix isn't doomed by one quarter unless people start questioning the long-term investor thesis Tech stocks set to sink on Tuesday after rough evening for ‘FANG’ Netflix plummets after missing big on subscriber growth This wristband lets humans control machines with their minds The U.S. has a rocky history convincing Russia to extradite computer criminals Amazon suffers glitches at the start of Prime Day Jeff Bezos is now the richest man in modern history 'The United States has been foolish': Read Trump and Putin's full exchange Goldman Sachs recommends these 5 highly profitable companies — including Nvidia — to combat rising inflation Goldman Sachs releases 'tactical' stock picks for this earnings season Three red flags for Netflix ahead of its earnings report The bond market may be raising recession fears, but don't expect one anytime soon Cramer: Banks are 'making fortunes' but are still as hated as they were during the financial crisis Putin told Trump at summit: Russia never meddled in US election

Technology

Facebook allowed political ads that were actually scams and malware

In September, an ad with the headline, “New Approval Ratings For President Trump Announced And It’s Not Going The Way You Think,” targeted Facebook users in the U.S. who were over 40 and labeled as “very liberal” by the tech company.

“Regardless of what you think of Donald Trump and his policies, it’s fair to say that his appointment as President of the United States is one of the most…,” ran the text. “Learn more.”

At least some people who clicked on this come-on found their computers frozen. Their screens displayed a warning and a computer-generated voice informed them that their machine had been “infected with viruses, spywares and pornwares,” and that their credit card information and other personal data had been stolen — and offered a phone number to call to fix it.

Actually, the freeze was temporary, and restarting the computer would have unlocked it. But worried users who called the number would have been asked to pay to restore their access, according to computer security experts who have tracked the scam for more than a year.

Russian disinformation isn’t the only deceptive political advertising on Facebook. The pitch designed to lure President Donald Trump’s critics is one of more than a dozen politically themed advertisements masking consumer rip-offs that ProPublica has identified since launching an effort in September to monitor paid political messages on the world’s largest social network. As the American public becomes ever more polarized along partisan lines, swindlers who used to capitalize on curiosity about celebrities or sports are now exploiting political passions.

“Those political ads, especially right now if you look at the U.S., they are actually getting more clicks,” said Jérôme Segura, lead malware intelligence analyst at anti-malware company Malwarebytes. “Where there are clicks, there is going to be interest from bad guys.”

The ads, supplied by ProPublica readers through our Political Ad Collector tool, lured Facebook viewers with provocative statements about hot-button figures such as former President Barack Obama, Ivanka Trump, Fox News commentator Sean Hannity and presidential adviser Kellyanne Conway.

Clicking on the headline, “Sponsors Pull out From His Show Over This?” — over a photo of Hannity with MSNBC commentator Rachel Maddow — led to a page styled to look like the Fox News website. It offered a free bottle of Testo-Max HD, which it described as a cure for erectile dysfunction, although it isn’t approved by the FDA. People who sign up for such free nostrums are typically asked to provide credit card information to pay for shipping and are then automatically charged almost $100 a month, according to reviews online.

Although these scams represent only a tiny fraction of the more than 8,000 politically themed advertisements assembled by the Political Ad Collector, they raise doubts about Facebook’s ability to monitor paid political messages. In each case, the ads ran afoul of guidelines Facebook has developed to curb misleading and malicious advertising. Many of the scams had also been flagged by users, fact-checking groups and cybersecurity services — even the Federal Trade Commission — long before they appeared on the social network.

Moreover, most of the sites may have warranted special attention because they had been registered within the 30 days before users sent them to our Political Ad Collector. Paul Vixie, the co-founder of San Mateo, California-based computer security company Farsight Security, said new website domains are more likely to be shady, because fraudsters often shut sites down after days or even minutes and open new ones to stay ahead of authorities looking to catch them.

As the midterm elections heat up, such cons are likely to proliferate, along with more devious forms of information warfare. Facebook Chief Operating Officer Sheryl Sandberg recently said in an interview with Axios that the social network had missed “more subtle” election interference in part because its security team had been focused on “the biggest threats” of malware and phishing — tricking people into revealing their personal information. Based on ProPublica’s findings, it’s unclear if the world’s largest social network can handle either challenge.

Facebook officials told ProPublica that the company is trying to improve its ability to stop harmful advertising, including malware and frauds, but is aware some bad ads get through its defenses. “There is no tolerable amount of malware on the site. The tolerance is zero, but unfortunately that’s not the same as zero occurrence,” said Rob Goldman, Facebook’s vice president of ads. Goldman said of the 14 deceptive ads ProPublica identified, 12 were removed by Facebook before ProPublica contacted the company in November. Facebook took down the other two after ProPublica alerted it to the ads.

He declined to identify the specific tools, such as computer virus databases or popular fact-checking website Snopes.com, that Facebook uses to inspect ads. “It’s bad if the bad guys learn how we enforce,” he said.

To be sure, malicious advertising — also called “malvertising” — likely will never be stopped fully, several cybersecurity researchers said. Segura said other internet ad companies, not just Facebook, showed similar lapses by letting such ads through. Still, the persistence of these ads on Facebook suggests the company doesn’t have adequate oversight in place to stop problematic ads before they run.

Malvertising tactics that have been reported publicly, “should be dealt with and done,” Segura said. Instead, they continue to show up — including in the Facebook ads collected by ProPublica — indicating that “the core issue hasn’t been addressed,” he said.

Traditionally, Facebook has been reluctant to review ads before they show up on its platform. In a recent video announcement outlining the company’s response to misleading political ads from Russia during the 2016 election, Facebook’s CEO Mark Zuckerberg reiterated that stance. “Most ads are bought programmatically through our apps and website without an advertiser ever speaking to someone at Facebook,” he said. “We don’t check what people say before they say it and frankly, I don’t think society should want us to. Freedom means you don’t have to ask permission first, and that by default you can say what you want.”

Under pressure from its users and lawmakers, Facebook has said it is trying to become more proactive, instituting rules to evaluate ads and posts and block or limit those it deems misleading.

The social networking giant has long had rules against fraudulent ads and those that lead people to “any software that results in an unexpected or deceptive experience.” Last year, it rolled out a policy to prevent “low quality or disruptive content” providers from placing ads, saying that ads should “link to landing pages that include significant and original content that is relevant” to the ad, and that they should not “include deceptive ad copy that incentivizes people to click.” In May, Facebook announced it had stepped up measures against “misleading, sensational and spammy” ads and posts. The company said it had used artificial intelligence to figure out which new pages shared on Facebook were likely to be low quality, which the company defined as having “little substantive content” or a lot of shocking or scammy ads. If its algorithms determined a post was likely to link to that sort of web page, it said, the post “may not be eligible” to be used in advertising.

Since 2014, Facebook has also intensified its efforts to crack down on so-called “clickbait,” which it says includes “headlines that intentionally leave out crucial information, or mislead people, forcing people to click to find out the answer.”

All the consumer rip-off ads recorded by ProPublica violated one or more of these rules.

It is unclear how many people have been cheated by such ads on Facebook. ProPublica’s sample is not random or representative, and the vast majority of politically themed ads ProPublica saw were legitimate. But what seems like a small annoyance for the social network can be a big headache for hundreds or thousands of people. For example, Facebook recently told lawmakers that only about 0.004 percent of the content on its news feed from June 2015 to August 2017 was related to the Russian Internet Research Agency’s influence campaign — but that meant 126 million Americans may have seen such items.

The Facebook scams are the latest in a long line of deceptive campaigns using digital ad technology, said Robyn Caplan, a researcher who studies algorithms and media at the New York-based Data & Society Research Institute.

They are “building off of really well-worn techniques with advertising in the ’90s,” she said. At that time, scammers started using techniques to manipulate search engine algorithms and promote their own pages. “Clickbait” and similar tactics arose as a way to entice web users.

On Facebook, though, hucksters can take their manipulation to the next level because the company gathers so much data about people and allows advertisers to target messages based on that data. So scammers can ensure their clickbait is seen by the people they think are most likely to fall for their outrageous headlines.

The political scam ads identified by ProPublica had certain traits in common. At least seven were associated with a scheme that sends readers to a web page containing a snippet of malicious computer code, or malware, to lock up the user’s computer. Those included the ad featuring Trump’s approval rating, as well as ones headlined “Ivanka Trump Has Actually Responded to Her Dad’s ‘Incestuous Comments’ About Her” — which were also targeted at “very liberal” people over 40 — and “This Barack Obama Quote About Donald Trump Is Absolutely Terrifying,” for which we couldn’t identify the target audience.

Typically, after their computers are frozen, users are instructed to call a toll-free number. Our calls to that number in the weeks after the ads ran went unanswered, but people who track this particular hoax say the perpetrators usually ask for money or login information to fix the person’s machine.

These attacks, known as “tech support scams,” have been a common problem for several years, said Will Maxson, the assistant director of the division of marketing practices at the Federal Trade Commission who has been fighting them since 2013.

Maxson said when he started, the scammers called potential victims on the phone and claimed to be from Microsoft or Apple. They have since also adopted more sophisticated techniques, including the computer-locking code seen by ProPublica.

We couldn’t figure out who was behind the tech support scams we found. The accounts used fake names such as Facts WorldWide and News Express. Website registrations for the sites used in the ads, which had addresses such as poolparty9.info and factsforyou.info, used a service that masked the actual address. Clues on one related site and in the malicious code pointed to people in India, but such details can be easy to fake, and attempts to contact the people went unanswered.

Facebook isn’t the only company to have overlooked the tech support scam. The ad about Trump’s approval rating used a known flaw in web-browsing software that can be exploited to eat up all available memory, making the computer freeze. This browser vulnerability was first reported in 2014 and has been used by tech-support fraudsters for about a year, Segura, the malware researcher, said. But Safari and Microsoft’s newest browser, Edge, were the only ones with a fix when the ads ran. A spokesman for Google, which makes the Chrome browser, said the company had introduced an “initial patch” for the bug in September but was still working on improving protections against the flaw. A spokesman for Mozilla, which makes the Firefox browser, said the organization plans to fix the problem in an upcoming version.

Even if this flaw were fixed, there are other vulnerabilities that tech support fraudsters commonly use to lock up computers, such as trapping a user in a pop-up screen.

To hide their activities from Facebook’s automated scanning tools, almost all of the scammers used a technique called cloaking. Typically, cloaking involves running bad content only at certain times or to selected audiences, redirecting some people to a separate website, or automatically altering the content depending on who is looking. In August, Facebook issued a press release detailing how the company was using artificial intelligence to uncover cloaking.

One version of the ad about Trump’s approval ratings sent users to a site named poolparty9.info. When we first saw it on Sept. 25, that site automatically funneled many users to another site — more-updates.tech — which had the bad code to lock up their machines. When we rechecked the ad later, poolparty9.info was blank and didn’t send people anywhere else. Presumably, computer security experts told us, poolparty9 would have kept any Facebook scanners it detected on the same blank page, rather than referring them to more-updates.tech.

Cloaking also protected a set of ads proclaiming that Kellyanne Conway was leaving the White House. The reasons for her departure given in the linked article changed depending on the user’s choice of browser. In Firefox, the site said she quit her job to sell Allura Skin cream, but when an automated internet archiving service — similar to a tool that a company like Facebook might employ to scan ads —visited the same site, the story merely said Conway had left, and didn’t say what she planned to do.

ProPublica’s tool collected at least five different versions of the Conway-related ad. They linked to sites such as cashmillionaire.info and jumping-jimmies.info, which were registered using the email address freemoneyteam@hotmail.com, according to DomainTools, a Seattle-based computer forensics service. These sites encourage visitors to sign up for a free trial of skin cream and ask for credit card information to pay only for shipping. But consumers are then charged nearly $100 automatically for each small vial of cream, according to Snopes.

Cloaking is supposed to trick companies like Facebook by showing them legitimate websites and pages. But in these cases, even the sites that were supposed to pass inspection actually violated Facebook’s rules against clickbait and low-quality content and could have indicated to Facebook that something was amiss.

Many of the decoy sites offered outlandish or false information. For example, another version of the Trump ad sent people to liveyourpassion9.info, which offered content such as “10 Fantastic and Bizarre Caterpillar Facts” and “10 Most Bizarre Planets You’ve Probably Never Heard Of.”

Most of the ads affiliated with the scam that locked people’s computers included links to Facebook pages, not just outside websites. While these Facebook pages may have been intended to enhance credibility, they typically posted either almost no content, or content that was just copied from elsewhere on the web. Many of the Facebook pages and the outside websites used for cloaking featured similar teasers, such as “GET ALL THE LATEST FACTS ALL OVER THE WORLD.” A Google search for that phrase turns up a handful of dubious Facebook pages and outside websites operating since June, suggesting that the scam was rolling months before ProPublica saw the ads this fall.

In addition, several of the decoy websites were associated with computer servers known to be problematic. DomainTools gave several of them a “risk score” that indicates they are worth further security review. One was classified as actively dangerous by an antivirus company nearly a month before ProPublica’s tool saw the ad.

Facebook failed to unveil the cloaking and detect the flimflams despite many prior specific warnings about the ads. Most notably, the Conway scam had been reported in May by Snopes, with which Facebook has partnered in an effort to block advertising by purveyors of fake news. Snopes found an overwhelming number of almost identical advertisements that falsely claimed Conway and other celebrities had started careers in skin care. Snopes pointed out that the free trials of skin care products could actually cost consumers almost $100. The Federal Trade Commission has fined advertisers for similar behavior.

A Facebook page associated with another ad carried more than 100 comments from users warning that this was “fake fake fake” and “clearly a scam!,” including comments posted weeks before ProPublica gathered the ad. This ad, aimed at users who were over 18 and had recently been in Switzerland, trumpeted, “Anonymous shocks Donald Trump by revealing system which made him rich!” The advertisers claimed to offer access to a stock-trading scheme promoted by the hacker collective Anonymous. They sought a minimum deposit of $250 and said “our system will quadruple this in just 24 hours.” They described their “system” as “limited to binary options,” a scheme that involves betting on whether a stock or commodity will go above or below a certain price. The FBI cited binary options earlier this year as a common vehicle for identity theft and other fraud.

“I just wonder why Facebook keeps suggesting these. This should be checked before actually sending this to people,” one Facebook user complained.

The audio file used in the Trump approval ad and other tech support scams to tell people that their computers were infected was flagged as a cybersecurity risk over a year ago. And one of the sites hosting the bad code, more-updates.tech, had been marked as malicious by a widely used service almost two weeks before our tool collected it.

Goldman, the Facebook official, would not specify which services Facebook relies on to tell it whether an ad might be a problem. He also said the company doesn’t make decisions on an ad based on any one indicator.

Facebook users have been complaining for more than a year about fake political headlines leading to sites that locked their computers, according to a review of Facebook’s online help forums.

Cath Nelesen, an Arizona retiree, posted on such a help forum in October 2016, asking “how to stop a hack” that she had seen two times in one week. Nelesen, who describes herself as a “staunch Hillary supporter,” told ProPublica she clicked on an “unbelievable” link about the election. She didn’t recall exactly what it said but thought it may have falsely asserted that Hillary Clinton had been arrested.

She clearly remembered what happened next, though: “Immediately there was a message that I was infected by malware and needed to call an 800 number affiliated with Microsoft,” Nelesen said. Her son-in-law had worked for Microsoft, and had told her of swindlers claiming to be Microsoft tech support. So she realized it might be a hoax, but she didn’t know how to regain control of her computer.

“Finally I turned off and prayed,” she said. When she turned the computer back on, it worked — possibly due to the prayer, but more likely because the code that locked up the screen only works when the harmful webpage is open.

She complained to Facebook and received a generic answer about the importance of reporting problems and avoiding spam. “It was completely worthless to me,” Nelesen said. “You’d think if you report something to somebody the problem would stop, but that isn’t the way it goes. I wouldn’t depend on Facebook for any help.”

Source: Tech CNBC
Facebook allowed political ads that were actually scams and malware

Comments are closed.