As detailed on his blog, Seitz stumbled onto this subject after noticing a provactive ad related to professional hockey player Sidney Crosby.
Seitz observed that the URL associated with the ad, ctvnews.ca, belongs to a reputable Canadian news outlet, so he clicked on the ad.
He found himself on a website that resembled ESPN.com, not ctvnews.ca, but the domain, espn.l1dh.com, was dubious.
Scrolling down, Seitz found a number of ads for supplements:
At the bottom of the page were apparent testimonials, presented in the format of an embedded Facebook Comments Plugin, but it wasn’t genuine.
Instead, Seitz discovered that the creator of the page had taken photos of real people and attributed fake comments to them.
Clearly someone has figured out how to game the Facebook system in order to run ads that look like they lead one place (ctvnews.ca) and ultimately lead to somewhere vastly different.
Not only that but they are repeatedly using trademarked names, terms, and false information to sell product. This violates a number of Facebook advertising policies.
My guess is that you sign up for the “Free Trial” and you are going to get dinged once a month for life. Or worse.
Using Hunchly, Seitz decided to see if he could figure out how common this was.
He quickly identified another Facebook ad on a page he had viewed months ago, this one also appearing suspicious and being associated with the URL of a legitimate Canadian news organization.
This ad, which also eventually led to a landing page hosted on a suspicious domain, used Google’s URL shortening service, so Seitz was able to determine that in a very short period of time, the shortened URL saw 26,812 clicks, at least nearly half of which originated on Facebook.
The worrisome implication…
…fraudsters can create ads that appear to point to legitimate sites, and then drive tens of thousands of clicks through to their landing pages.
Facebook apparently is asleep at the wheel, and sadly, I feel that the general Facebook user and consumers as a whole are being victimized because of it.
In an attempt to verify this, Seitz himself set up a Facebook ad campaign for Hunchly and specified that CNN.com be the display URL.
“Surely they must catch the fact that the destination URL is not even close to the displayed URL. Surely they must see how bad this would be for the average consumer or Facebook user.”
But that wasn’t the case. To Seitz’s amazement, the ad was approved.
What gives, Facebook?
While Seitz’s proposed solution for this problem, checking to ensure that the landing page domain matches the display domain, is probably too simplistic to be viable, his investigation does raise serious questions about how well Facebook is policing ads.
Certainly, the apparent ease with which advertisers can use display URLs referencing popular news sites is hard to understand.
As Seitz noted, “If you tried this in Google AdWords, you would be laughed right out of your account.”
One commenter suggested that the apparent fraud Seitz discovered only scratches the surface.
“I’m afraid you have no idea how black (hint: think Archer) the black hat advertising on Facebook can go, this is not even the tip of the iceberg,” he wrote.
Others on Hacker News suggested much the same thing, with one person even claiming that “an affiliate acquaintance I met once bribed a Facebook employee, who set his account to autoapprove any ad he wanted.
He used this to advertise Google Is Hiring: Work from Home credit card rebill offers. He told me he made $80,000 in the four days it took Facebook to discover it.
Obviously, in its defense, Facebook, as one of the largest players in online advertising, has a tough job.
Keeping up with scammers and advertisers looking to bend the rules to exploit its massive audience will realistically be an ongoing process, and Facebook isn’t going to catch every black or gray hat tactic before it gets employed successfully.
But as with any ad company, Facebook faces an inherent conflict: even though it has good reason not to let bad ads overtake its network, it still profits from them.
The company’s revenue grew a whopping 57%, from $3.3bn to $5.2bn, in the first quarter of the year, so the stakes are high.
And with Facebook extending its Audience Network to show ads to non-Facebook users, the stakes will soon be even higher for Facebook, legitimate advertisers and consumers alike.