Security firm Bitdefender says more than 200,000 people have fallen for the ‘Like-farming’ ploy, complete with malicious videos
Audi R8: you can't have two of these in return for a Facebook Like. Photograph: Martyn Goddard/Martyn Goddard/Corbis
You can’t get a free Audi R8 car by liking a Facebook post. Which sounds like an obvious statement, but according to security firm Bitdefender, more than 200,000 users of the social network have fallen for a ‘Like-farming’ giveaway promising exactly that.
The company has reported a Facebook page to the social network that has been soliciting likes and shares for a competition supposedly ending on 20 November tha would reward two “lucky winners” with the R8 cars.
Entrants were asked to like the page and share its post on their own timelines, while saying what colour car they’d like if they won. Bitdefender claims that the page has attracted nearly 180,000 likes and more than 210,000 shares so far.
Some of its posts include links to videos, which is where the scam gets worrying: Bitdefender says that some of the sites hosting those videos are also running the JS:Trojan.JS.Likejack.A code that can be used for “clickjacking on hidden commercials”.
“Like-farming may not seem the worse things scammers can do on Facebook. However, it has repercussions for users and companies’ reputations and can even lead to identity theft,” said Bitdefender’s chief security strategist Catalin Cosoi in a statement.
“Like-farming Facebook pages use the high number of fans to launch other fraudulent activities such as malware and survey scams to a wide audience. The database of unwary users can also be sold on the black market and used for more targeted attacks.”
The Audi R8 scammers fit into a long line of such hoaxes on Facebook, including baits encouraging users to see “who viewed your profile”, as well as fraudulent giveaways and fake videos of celebrities and terrorist activities.