Like Fraud: Don’t Like This Post

Whatever you do, don’t Like this post.

Seriously, don’t. Otherwise, you’ll end up Liking a very different site from this one.

This is an example of possible Like fraud. If you know HTML, this is surprisingly easy to do. Just grab the code from Facebook and modify the “href” parameter, like this:

<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.url.com&layout=standard&show_faces=true&width=450&action=like&colorscheme=light" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:450px; height:px"></iframe>

That means you can take this part of the code (in bold):

href=http%3A%2F%2Fwww.url.com

and swap in whatever URL you’d like. The poor unsuspecting user (PUU) who clicks on that Like button is now a fan of whatever URL you placed in there, like NaughtyNurses.com.

Furthermore, you can include some metadata to change the text of what appears in the activity stream of the PUU. Facebook gives developers two ways to do this: one with their XFBML tag & JavaScript SDK, and one using meta tags (shown below):

<meta property="og:title" content="Title of Content"/>
<meta property="og:site_name" content="Name of Site"/>
<meta property="og:image" content="http://www.url.com/img.jpg"/>

Though I haven’t tested it enough to confirm this, I believe the image you can associate with the Like button (which must be 50×50 px in size) can appear in the PUU’s list of Fan Pages.

Pretty easy, huh?

I have a bad feeling Facebook’s Like buttons will be abused like this. It’s just too easy to do. Since their code is embedded within the sandboxed environment of an iframe, it won’t be easy to protect users from Like Fraud either. But hopefully the developers at Facebook are aware & looking into this.
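A site owner or reviewer can at least audit pages for the mismatch described above. The following is an added example, not code from the original post: it parses a page's HTML, decodes the href parameter of each Like-button iframe, and reports targets whose host differs from the embedding page. The page URL blog.example, the sample markup and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

LIKE_HOSTS = {"facebook.com", "www.facebook.com"}
LIKE_PATH = "/plugins/like.php"

# Constructed sample: a page at PAGE_URL embedding two Like buttons. The second
# one reuses the post's placeholder target, http://www.url.com.
PAGE_URL = "http://blog.example/like-fraud"
SAMPLE_HTML = """
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fblog.example%2Flike-fraud&amp;layout=standard"></iframe>
<iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fwww.url.com&amp;layout=standard"></iframe>
"""


class LikeFrameFinder(HTMLParser):
    """Collect the href target of every Facebook Like-button iframe."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        src = urlsplit(dict(attrs).get("src") or "")
        if (src.hostname or "").lower() in LIKE_HOSTS and src.path == LIKE_PATH:
            # parse_qs percent-decodes, so http%3A%2F%2F... becomes http://...
            self.targets.extend(parse_qs(src.query).get("href", []))


def norm_host(url):
    """Lower-case host with a leading 'www.' dropped (a simplifying assumption)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def audit_like_buttons(page_url, html):
    """Return Like targets whose host differs from the embedding page's host."""
    finder = LikeFrameFinder()
    finder.feed(html)
    finder.close()
    page_host = norm_host(page_url)
    return [t for t in finder.targets if norm_host(t) != page_host]


if __name__ == "__main__":
    for target in audit_like_buttons(PAGE_URL, SAMPLE_HTML):
        print(f"Like button on {PAGE_URL} targets a different site: {target}")
```

A flagged target is not proof of fraud, since a site may legitimately point its Like button at a separate brand page, so treat the output as a list to review.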

P.S. I originally embedded a rather risque URL in that test Like button. But I’ve replaced it with a URL to my web development agency, WebMocha, so I don’t get anyone in trouble and have something like, “John likes Naughty Nurses” appear in their activity stream, hilarious as that would be.

So if you want to test this hack out, feel free to safely click on the Like button. What you’ll see on your Facebook wall is something like “John likes WebMocha: Web Development Done Right.” I promise we won’t do anything malicious with your endorsement of our agency. Or will we? Muhaha. Just kidding!

Author: Mike Lee

An idealistic realist, humanistic technologist & constant student.
