Users can't tell Facebook from a scam

A new whitepaper from Bitdefender examined victims targeted in 850,000 Facebook scams. It turns out Facebook's user experience makes it easy for scammers to exploit users.


A new whitepaper from antivirus company Bitdefender examined 850,000 Facebook scams over two years, showing the psychology of those who get taken in and how Facebook's own user experience enables these scams to flourish.

In analyzing 850,000 scams spreading in countries such as the US, the UK, Australia, Germany, Spain, France and Saudi Arabia since October 2012, the researchers found that scammers have infected millions of users with the same tricks over and over again -- just repackaged.

The top five tricks rely on a combination of the obsessions encouraged inside the Facebook experience and user confusion within a system so ever-changing and complicated that users can't tell whether a given scam is a scam, a new "feature" or another of Facebook's psychological experiments on its users.

The psychologists and researchers behind Bitdefender's whitepaper showed the five most popular categories of scam-bait to be:

- Guess who viewed your profile (45.5 percent)
- Facebook functionality scams, such as 'change your background color' (29.53 percent)
- Giveaway scams (16.51 percent)
- Celebrity scams; alleged sex tapes of Rihanna, Miley Cyrus and Taylor Swift (7.53 percent)
- Atrocity videos (0.93 percent)

The top two scam styles prey on a general lack of understanding about Facebook’s functionality -- which, as most users know, is a constantly moving target.

Nearly half of the millions of people scammed on Facebook fell prey to the kind of obsessive curiosity the social network encourages: people who just want to see who looked at their profile.

"The most popular Facebook scam offers users the chance to see if they are still searched by a person for whom they may still have feelings," the researchers wrote. "The 'profile viewer' message is customized, touching them on a personal level."

About one in three Facebook scams fool victims with features that Facebook doesn’t even have, such as dislike buttons and timeline color personalization.

- Facebook functionality scams – almost a third of the total number of scams – are based on the increasing importance of social network profiles and experience.

- The need to embellish your avatar is the universal need of managing one’s image. Any additional feature is viewed as a possibility to make one’s image and experience even better.

- All it takes for users - otherwise very sharp offline - is the lack of know-how regarding social networks and their features.

Disturbingly, Bitdefender's researchers added:

- Though less present, the last two categories of Facebook scams are growing at a steady pace. Celebrity sex tape scams and atrocity news (such as murders and child abuse) are attracting thousands of victims with every new campaign, as they also "include" alluring videos.

- (...) Children and teenagers are the most exposed to atrocity video scams, and we expect their number to intensify in the future.

Facebook temporarily banned the posting of beheading videos in May 2013, but lifted the prohibition in October of the same year, stating it would continue to allow such videos if they are presented as news or in a fashion that condemns them. The social media giant recently faced renewed scrutiny over the policy in light of recent events highlighting the rise of violent extremism.

We're used to assuming that the people falling for clickbait scams are just not very smart.

But Bitdefender's findings show that users falling for Facebook scams are simply falling for their expectation of Facebook's user experience -- and it's not their fault.

Facebook scams are big business; a number of Facebook scams make their money through Trojans that snatch bank and browser passwords.

One famous scam -- the so-called Nigerian scam (now expanded beyond the typical email campaigns) -- alone cost $12.7 billion in global losses in 2013, according to an Ultrascan AGI report. Bitdefender's Security Specialist Bianca Stanescu tells ZDNet we can "expect Facebook scam losses to be even higher."

It sounds like a sick punchline that Facebook's users can't tell what's Facebook and what's a malicious scam. But Bitdefender's surprising report shows the scams are hitting every kind of user, and the problem is costly and only growing worse.

For more information about the psychology at work in scams that target Facebook users, check out Bitdefender’s whitepaper.

ZDNet has reached out to Facebook for comment and will update this post accordingly.
