How Spammers Use Facebook

Facebook For Spammers

A family member "Like"ed a page on Facebook that said you would get a $500 Costco gift card. In my mind, I saw "Sucker..." in a bubble over my head as I was about to click the same link, so I stopped and thought this would be a cool experiment.

Yes, it is true, some people think I have a strange sense of "cool".

To see what happened with that link, I created a dummy email account on my server: costco@dascc.com and when asked where I wanted my $500 card sent to, I started identifying myself with that email address.

Nothing comes for free. Costco isn't this generous corporation that is interested in how David Soussan is getting on in life and deciding to send me $500 to help with the bills. So I knew going in this was going to be something interesting, just wasn't sure where it would end up.

Quote
Click Here for Press Release

So I sent them to my sandbox!

I love sandboxes. I can build whatever I want, see how it works, see how it breaks, and when done with a few waves of my hands I'm back to a pristine plot of sand to build the next thing. In this case, I built a little email trap to see where all the costco gift card email data propagated.

Remember, nothing is free!

If you aren't paying for something, then you are the product being sold!

Think about that for a few seconds. If you don't pay for Facebook, or Instagram, or MySpace, or whatever site, then who is paying for it? Computers cost money, run on electricity that costs money, take labor to setup and maintain that cost people's time and unless they are doing it for love then the people that maintain those servers are getting a salary - thus doing it for money.

That doesn't mean that if you pay for something that you / your information isn't also a product that is being sold! But that is a different article.

So what? So I typed my email address into that site - who cares?

Maybe you care, maybe you don't. Maybe you like spam! I hear it makes tasty sandwiches. I don't like it and wish I didn't have to deal with it, and so do most people I know.

But maybe you like it? If so, go ahead and enter your real email address everywhere you can!

Enough with the words - get to the point already.

Ok, so I know that anything that came into costco@dascc.com is really spam and I can drop it on the floor. Instead, I moved it all into one folder so you could see just what entering that email address into one box in the hopes of getting a $500 Costco card netted me.

To the best of my knowledge, this offer is not Costco's, nor is it Facebook sponsored - it is the spammers and scammers using Facebook, and Walmart, Costco, and other companies to lure you into their schemes.

Also, keep in mind all I did was enter my email address on the first page. I didn't do any of the other offers, didn't meet any of the requirements, didn't give out any other personal information. I also have a number of block lists which reject mail from known spammers - so these emails that did come in made it through all those defenses. I'll bet a ton were dropped on the floor and never made it to my junk mail folder - and most were at least flagged as junk mail.

Here is the first page of spam, all sent to the costco@dascc.com fake email address I'd created:

Spam from Facebook Ad

At the bottom, you can see when I first entered my email and the confirmation request, which I never did confirm. The next day, the spam started and has continued ever since:

More spam

I would like to think that if I did complete all the fields and participate in the various offers that I would have gotten a costco card. That isn't what I was testing here, but given all the "offers" and "loans" and deals that are being thrown my way, my opinion is that most of you should just stay away from these schemes.

Follow the mantra: "If it sounds too good to be true, it probably is."

Or, before you click on that link, think of P.T. Barnum's phrase: "There is a sucker born every minute."