In an attempt to increase reader engagement, media publications like BuzzFeed and The Huffington Post started allowing embedded comments from Facebook to show up directly on their sites.
Instead of having to create a username to leave a comment, using Facebook made the process simpler and faster.
But lately, embedded Facebook comments have played host to sinister conversations.
Scammers have figured out how to exploit the feature: they spam links through Facebook comments, which then appear beneath articles on sites that reach millions of users every day, costing gullible readers who click them tons of money.
BuzzFeed News reporter Joseph Bernstein recently explored the latest spree of comment scams.
One of the most popular scams is the “free movie” scam. A surreptitious Facebook account will post the phrase, “This is random and out of the topic but I still want to share it. Ted 2, Terminator Genisys, Jurassic World, Minions 2015 is now hitting big! I found a site that I can watch free and can provide HD version.”
The con begins with a harmless comment that wouldn’t be flagged immediately. Then, once the comment goes live, the author can edit their text to include the baited links for people to watch “free movies.” It’s a clever bypass tactic that so far is proving tricky for publishing sites to quash.
Anyone who clicks on those links is presented with a series of bit.ly links. According to BuzzFeed, anyone who falls for the trick will get redirected through “Adcash, an Estonian advertising network that, according to Symantec, ‘has been known to host advertisements that are malicious.’”
From there the user is taken through several fake video and technical support spam sites. The goal for the scammers is to get users to call a support worker who will charge a fee for “cleaning” the computer.
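The bypass described above works when a comment is moderated only at posting time. The following sketch is an added example, not code from BuzzFeed, Facebook or any publisher: it re-checks a comment on every edit and flags links that were absent from the approved revision. The function names, the action labels and the sample link are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Matches scheme/www links and bare "host.tld/path" links such as shortener URLs.
URL_RE = re.compile(
    r"(?:https?://|www\.)[^\s<>]+|\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}/[^\s<>]*",
    re.I,
)
# The article names bit.ly; a real deployment would maintain a longer list (assumption).
SHORTENERS = {"bit.ly"}

def hosts(text):
    """Return the set of lowercase hostnames linked from a comment body."""
    found = set()
    for raw in URL_RE.findall(text):
        url = raw if "://" in raw else "http://" + raw
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed authority, e.g. a stray "["
            continue
        if host:
            host = host.lower()
            found.add(host[4:] if host.startswith("www.") else host)
    return found

def review_edit(approved_text, edited_text):
    """Compare the moderated revision with an edit; return (action, new_hosts)."""
    new_hosts = hosts(edited_text) - hosts(approved_text)
    if not new_hosts:
        return "keep", set()                      # no link was introduced
    if new_hosts & SHORTENERS:
        return "hide_pending_review", new_hosts   # destination is opaque
    return "requeue", new_hosts                   # send back through moderation

# Constructed sample: the approved text is the comment quoted in the article,
# the edit appends a placeholder short link.
APPROVED = ("This is random and out of the topic but I still want to share it. "
            "I found a site that I can watch free and can provide HD version.")
EDITED = APPROVED + " Watch here: bit.ly/EXAMPLE"

if __name__ == "__main__":
    print(review_edit(APPROVED, EDITED))
```

The same comparison can run against every stored revision, so a link that is added and later removed still leaves a record for moderators.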
Bernstein reports that “one fake video player, which claims to show last month’s Paul Rudd vehicle ‘Ant-Man,’ has been clicked on more than 5,000 times.”
In a statement to BuzzFeed, Facebook confirmed that they “use automated systems and dedicated teams to classify and catch malicious actors, and when we identify spam we enforce against it by banning fake accounts and Pages, blacklisting bad links, and down-ranking spammy content.”
But Bernstein points out that scammers can easily find workarounds to some of the security measures put in place.
The full story is available on BuzzFeed’s site.