There have recently been several articles posted around the web on whether or not Facebook advertising is a good value for advertisers, given how many clicks and likes seem to come from fake accounts and botnets.
But here's an advert I came across on Facebook this afternoon:
This immediately struck me as strange, since I hadn't heard anything from Halifax bank about this, and the URL doesn't look legit.
So of course I went into a safe environment and simluated clicking that advert. First, it redirects to "bank-account-refunds.co.uk/h/" and ends up on the site below:
The rest of the page is a simple form asking for your full name, email address and phone number. This is obviously a phishing attempt; the page doesn't even use HTTPS.
I contacted Halifax over Twitter and they confirmed almost immediately that this isn't legit:
Actually, I couldn't report it as spam because the ad was no longer displaying in my Facebook sidebar. I decided to give the page a refresh to see if it came back, and it did. Facebook does give the option to hide an advert and mark it as spam, but no option for reporting fraud.
If you've advertised on Facebook before, you're no doubt aware that Facebook delays showing new adverts as part of some kind of approval process. Clearly this approval process is being defeated if fraud is slipping through. I've always wondered how Facebook would deal with adverts that get approved and then add in a redirect later.
There's a lot to speculate in this realm, but I'm not going to do that now. I just think it's worth thinking about how Facebook is going to police their advertisements. Of course, they will bear no responsibility for users clicking on fraudulent adverts, and if pressed they will no doubt issue a statement in meaningless corporate English about doing everything they can to protect their users...etc etc.
Except they're not.