Pelland Blog

It’s Never Too Late to Start Guarding Your Privacy

May 10th, 2017

I logged onto Facebook this morning, and I was immediately presented with a sponsored display ad hawking a t-shirt design that read, “Never underestimate an Old Man who listens to Neil Young and was born in September.” If I was naïve, I would see that ad and think, “Wow! This is my perfect t-shirt”, then order one. In the short time in which this ad has been displayed, it has been “liked” by 480 people, shared by 182 people (multiplying its reach at no charge to the advertiser), and has received 61 comments. Every one of those comments is from a man who confirms that he was born in September (usually adding a year from the 1950’s or 1960’s) and wants one of the shirts.


Man-NeilYoung-September-FacebookAd

Is the fact that I was shown this advertising a coincidence? No way! It is custom-tailored to my identity. If I went to the order page and modified the URL, I could display any of a number of t-shirt designs based upon:

  • The name of the performer.
  • The birth month.
  • Whether I was a man or a woman.

Here is an example:

Woman-Bob-Dylan-August-FacebookAd

To make the ad even more effective, the ordering page includes a countdown clock to create a false sense of urgency:

Ordering-Urgency-FacebookAd

Depending upon how you view it, being presented these ads is either a brilliant use of Facebook’s marketing potential or an egregious violation of the personal privacy of Facebook users. In this case, I was being shown advertising that was based upon the disclosure of my gender, age, month of birth, and taste in music … all information that I had either voluntarily or unwittingly published on Facebook for either my friends or the world to see.

Yesterday, I was presented with another variation of the ad, based upon the fact that I drive a Jaguar … another fact that I had disclosed on Facebook. Now, I can also order a coffee mug! I am sure that I could modify the URL on the ordering page to change the design to show the name and logo of just about any car company. (On a side note, I have to wonder if these performers and companies are being paid royalties by the t-shirt company for use of their trademarks.)

Man-Jaguar-September-FacebookAd

You may think that this is all innocent, fun, and the price we pay for the otherwise free use of social media apps like Facebook, but there is more involved. I don’t know how many times I have seen friends on Facebook post a complete set of answers to 50 personal questions such as the name of their elementary school, their first phone number, name of their eldest sibling, and so forth. Whenever I see this being treated as a harmless and fun exercise, I cannot help but ask myself, “Are you insane?” If any of these questions and answers seems familiar, it is because they are among the same ones that are used as security tests on your online banking or an e-commerce site when you reset a password. Yes, the name of your first pet can lead to the theft of your identity!

You may have seen the recent news about the “Google Docs” phishing scam that proliferated in e-mails on May 4, 2017, said to be the most effective e-mail worm since the “I Love You” virus that caused havoc back in 2000. The scam was effective because it looked legitimate (it is so easy to copy the appearance of a legitimate website!), came from somebody you knew (rather than some random name chosen by a hacker in Belarus), and was spread through the type of shared online document that we have come to accept as routine. Even cautious recipients who would never open an e-mail attachment from a stranger thought that it was safe to download the same sort of document that appeared to have been shared via a cloud service by a known sender. All of these scams, whether relatively harmless or downright nefarious, play upon the human willingness to trust those with access to our personal information.

At the moment, leading into Mother’s Day 2017, there are several gift card scams that are proliferating on Facebook almost faster than they can be identified and taken down. One purports to offer a $50.00 coupon for use at Lowe’s home improvement stores in exchange for taking a short survey, in which you will be disclosing a wealth of personal information. Another purports to offer a $75.00 coupon to Bed Bath & Beyond, the same sort of scam that attempts to gather your personal information for exploitation later.

As I have said in the title of this article, it is never too late to start guarding your privacy. In fact, today is the best day to begin!

This post was written by Peter Pelland

If a Contest on Facebook Sounds Too Good to be True …

September 2nd, 2015

You probably know how that sentence ends. If something sounds too good to be true, it probably is too good to be true. In this case, there have been a number of hoaxes that have circulated on Facebook, and it is amazing how many thousands of people unwittingly think these “contests” are authentic before the pages get reported and eventually get taken down.

Over the weekend, one of my friends on Facebook shared a link and commented how she hoped she would be one of the lucky monthly winners of $5,000.00 in travel money being given away by Qantas Airlines. The page looked very authentic but I immediately detected a scam. The page had relatively few posts for a big corporation, all of which dealt with the contest, and I noticed that it had a total of only 14,190 “likes”. That low number of likes is a dead giveaway that you are not at a legitimate page. A quick search brought me to the real Qantas page, with 715,496 likes and, of course, no such contest.

It turns out that this is not the first time that Qantas has had to deal with the public relations nightmare that can result when people think that a business is somehow responsible for a scam in disguise. In an earlier instance this year, a fake page announced that the airline would be offering free upgrades to first class for all passengers through the end of 2015. That bogus page accumulated some 130,000 likes and over 150,000 shares in the first 24 hours of its existence. Yes, people can be very naïve.

Another friend not long ago shared a link to another Facebook page that captured his excitement. It alleged to be Chevrolet and was encouraging people to enter a contest to win a free Chevy Camaro. I noticed that all of its posts involved the fake contest, most extending the entry deadline in order to get more people to “enter”. Once again, I noticed that the page had relatively few “likes”, and I provided my friend with a link to the real Chevrolet Camaro page on Facebook, not surprisingly with 4,407,269 likes as of this writing. Until somebody reports a page that mimics the identity of a legitimate page and violates its legal trademark, scams like this will perpetuate indefinitely.

One way to quickly confirm the authenticity of a Facebook page is to look for the blue checkmark icon next to the page’s name, confirming that the page of a global brand or business, celebrity or public figure, or media outlet has been verified to be legitimate. Unfortunately, Facebook does not offer this authentication option to small businesses like yours and mine.

If you encounter one of these fake pages, you may be wondering why somebody has taken the time to create it. Typically, the pages are built by individuals who are engaged in the practice of “like farming”, hoping that their page will not be reported and taken down before they will be able to increase its value and profit from it in a black market engaged in the buying and selling of this type of content. Visitors to these pages are usually encouraged to “like” and “share” the pages, whether the incentive is a bogus contest, a chain letter, or simply a photo of a cute puppy or kitten. If a page has more “likes”, it will sell for more money to subsequent scammers who can then engage in more nefarious cons. Many of those are engaged in the collection of personal information that only begins with e-mail addresses and Facebook profiles but could very well end in full scale identity theft.

We all know people who have gotten their personal profiles compromised on Facebook. It can be a nightmare, but for a business, this type of violation can be far more damaging. As a business owner yourself, probably with a Facebook page of its own, you need to be vigilant about protecting your company’s online identity. There can be very real costs in crisis communications and the loss of consumer confidence in your brand. Back in 2012, another airline – Jetstar – suffered tremendous corporate damage when a scammer set up a bogus Facebook page and began posting highly offensive responses to customers posting questions to what they thought was its official page. Instances like this are nothing less than corporate sabotage.

Thinking hypothetically, what would be the direct – and indirect – impact of hundreds or thousands of people being led to believe that you were giving away free merchandise to anybody who showed up at your business next Saturday? It has been sometimes said that all publicity is good publicity, but it does not take much imagination to realize that this adage can be far from true.

Sadly, it is extremely easy to build an official-looking page with very little skill or talent. A con artist copies and pastes a few graphics and trademarks, registers a deceptively similar page name, then posts something that sounds so good to the unwitting that it goes viral faster than it can be taken down. If your business ever finds itself in this unenviable situation, it is imperative that you immediately report the bogus site and that no time is wasted before engaging in damage control and exposing the hoax as broadly as possible.

This post was written by Peter Pelland