Close

April 14, 2017

The Menace of Comment Spam on Facebook and its Comments Plugin

Comment Spam on Facebook Plugin

Like death and taxes in life, spam has become inevitable in the digital world. Comment spam is a term we use to refer to a broad category of postings which abuse web-based forms. The abuse occurs in the form of unsolicited advertisements, malware and phishing attempts posted as comments.

Spammers spam in multiple ways. They do it with spambots, with browser extensions, sometimes even manually – imagine a spam farm in Bangladesh.

The menace has long been a major issue for online users, and there have been several revelations of the whole behind the scene massive business that the Spam industry is.

One of the popular way to combat spam has been the use of different Comment System. The thing is spambots find it tough to deal with them. Thus, a few years ago comment plugins became very popular, Facebook Comments being one of them.

Facebook Comments Plugin

FB comments plugin offered the opportunity to set up a common platform for conversation by making comment mirroring possible. Now your viewers could be a part of a single conversation whether the comments came from Facebook or your website.

Going with the new-found FB buzz many sites installed it. However, many of them were to repent their decision. As it soon became a favorite hunting ground for spammers and scamsters alike.

The Menace of Comment Spam on FB and its plugins

The spammers on Facebook have continued evolving. Today, you will not find much of those blatant “Get Rich Quick” schemes, but rather nimble and subtle nudge towards “financial services” or “free products” laid out in form of comments.

Facebook became a pretty lucrative target for spammers to go after due to its growing popularity and ever-increasing individual and brand presence. Facebook on its end maintains that a lot has been done to curb comment spam.

But as no automated platform is perfect, it being especially one as large as Facebook, the spammers continue to take the spoils. From clickjacking worms to backdoors, they use it all. And the continuous evolution in malware spamming left even the best security practices wanting.

The Business of Comment Spam

One of the primary reasons that spam is such a persistent problem is the amount of money that goes into it. Several reports suggest that spamming is a billion dollar industry.

According to the Guardian’s report,

Spammers who post links on Facebook fan pages to direct users to third-party scam sites earn up to $200m annually

Not only via Facebook posts, even the comments section became a tool for spam. This affected all websites that used Facebook Comments Plugin. As Buzzfeed reported how publishers, including itself, were at the receiving end of the comment spam attacks.

This Symantec report brought it to light and covered the scenario in great detail. Some of the notable techniques were posting comments which baited gullible users by promising free-run movies.

Comment Spam in FB comments plugin

Ant-man movie video spam on FB. Courtesy: Symantec

This turned out to be very effective for spammers. One fake video player, which claimed to show Ant-Man, was clicked on more than 5,000 times. The outburst of these comment spam attacks led to massive technical support issues for Windows, Mac OS X, and mobile users.

Facebook has automated systems and dedicated teams to classify and catch malicious users. They claim to take it seriously and use various tactics like banning fake accounts and pages, blacklisting bad links, and down-ranking spammy content.

However, the scammers have devised clever methods to avoid automated spam filters.

Smart Spam

Initially, a normal innocuous comment is posted, which passes the Facebook Filters. Later on, as the post gets popular, the comment is edited with the “free movie” or similar bait material.

Secondly, spammers hide their destination sites by using legitimate link-shortening services. They shorten the link by using tinyurl.com or bit.ly and easily bait unsuspecting users to target sites.

This allow them to bypass FB security filters which check any outbound links to verify spam. It also helps to avoid detection by viewers who would otherwise have got suspicious seeing the extended link.

Third, involves the use of images with text on it.

With many sites using Facebook Comments plugin, the comment spammers hit two targets in one shot. The comment mirroring automatically enabled the spam to appear both on the site and on the page.

The Business

As per the 2015 Guardian Report, the spam posters get paid an average of $13 to post on pages that have around 30,000 Likes. And up to an average of $58 per post, for pages with more than 100,000 Likes.

Considering these two as extremes, it states that spammers earn somewhere between $87m and $390m. Taking into account the number of “likes” on pages, the average came to be just over $200m annually.

Taking into account that, the third parties are the ones who pay spammers. For the financial model to work, the third parties must be amassing benefits even greater than what they are spending on the spammer.

Thus, one gets the idea of the massive amounts of money that the Spam industry makes. This is also the reason why it is so difficult to get rid of spam.

Conclusion: Comment Spam in Facebook Comments Plugin

Facebook Comments plugin promised better engagement, boost readership, encourage sharing. While, this might be true to an extent for small blogs, as most of their engagement comes from their immediate social network, friends and friends of friends.

But, large websites with bigger reach like news portals and digital publishers, have generally reported a drop in engagement with Facebook comments. As TechCrunch found out, removing the veil of anonymity, pushed away their commentators

Additionally these publishers also have had to bear the brunt of the massive spam targeting of Facebook Comments. While, FB may have systems and filters in place, it is still the primary target to spam on.

Facebook has become an easy medium available for spammers to spread their tentacles. This has adversely affected many websites and publishers.

Vuukle Friday Anti-Spam Series

Vuukle has continually demonstrated its commitment to fight spam and trolling in the comment section. From sophisticated anti-spam technology, editor-friendly moderation panel to technology partnership with Google, Vuukle has declared war on spam and hate speech on the internet. Stay tuned every Friday to learn how you can join hands with Vuukle to win this war.

Santosh Kumar Pandey

Engineer by qualification, content & marketing expert by profession. Meditate, blibliophile & a creative geek.