Facebook Security 104: You’re Smarter than That. Really, You Are.

Summary: Nothing’s free.  You won’t get anything for clicking Like.

This is something of a follow-on to the previous note about scams, but in this note I want to address how to determine whether something actually is a scam.

Recently, a Candy Crush Saga scam was brought to my attention.  It offered an insane number of boosters for free, if you clicked Like, commented on a post, and then clicked through a bunch of free “offers.”

So, how could I tell that it was a scam?  Here are a couple of tips.

1. If it sounds too good to be true, then it probably is.

Candy Crush makes its money by selling boosters and the like.  The offer was giving away an insane number of boosters, for free.  All you had to do was click Like, comment, and click through a few “offers” that collected your personal data.  See my earlier note for more information on what you give up by clicking Like.

2. The offer was not posted on the official page for Candy Crush Saga, by one of the page administrators.

There were a number of clues for this.  The scammers set up a page that looked a lot like it could be the official Candy Crush Saga page, even going so far as to steal graphics from the official page.  However:

  • The scam page’s history only went back a month or two.
  • There were only about 70,000 likes.  The official Candy Crush Saga page (as of this writing) has almost 40 million.
  • The grammar on the page was atrocious.  Many of these scams come from countries like China and Russia.

To get to the official Candy Crush Saga page, type “Candy Crush Saga” into the search field at the top of the page.  That will likely get you there.

Now, looking at the official page, you’ll likely find a few scams.  How can you tell?

  • They were not posted by the page administrator (the header on the post was not the same as the name of the page).
  • They prevailed upon people to like the post.  The page administrators already have your info, so there’s no reason why you should have to like an individual post.
  • The message contains a link to a website that does not belong to King, the publisher of the game (i.e., it doesn’t start with www.king.com).
  • The message was posted in response to another post.
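
The link check from the list above, written out as an added example (it is not part of the original note). It assumes king.com and its subdomains are the only hosts that belong to King, uses constructed sample links, and compares the parsed host name with a plain "starts with" test to show where the two disagree.

```javascript
// Added example: decide whether a link really points at King's site.
// Assumption: king.com and its subdomains are the only trusted hosts,
// as the note implies by naming www.king.com.
const TRUSTED_DOMAIN = "king.com";

// The shortcut the eye takes: does the link text start with the trusted name?
function naivePrefixCheck(link) {
  return link.replace(/^https?:\/\//i, "").startsWith("www.king.com");
}

// Parse the link and compare the host the browser would actually contact.
function belongsToKing(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return false; // not a well-formed absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing dot
  return host === TRUSTED_DOMAIN || host.endsWith("." + TRUSTED_DOMAIN);
}

// Constructed sample links; the .example hosts are placeholders.
const SAMPLES = [
  "https://www.king.com/game/candycrush",
  "https://www.king.com.free-boosters.example/claim", // trusted name used as a subdomain label
  "https://www.king.com@free-boosters.example/claim", // trusted name in the user-info part
  "https://www-king.com/boosters",                    // hyphen instead of dot
  "https://king.com/",                                // real domain without "www."
];

function classify(links) {
  return links.map((link) => ({
    link,
    naive: naivePrefixCheck(link),
    strict: belongsToKing(link),
  }));
}

for (const r of classify(SAMPLES)) {
  const verdict = r.strict ? "king.com" : "NOT King";
  console.log(`${verdict.padEnd(9)} prefix check: ${String(r.naive).padEnd(5)} ${r.link}`);
}
```

The second and third links pass the prefix test but resolve to a different host, which is why the comparison has to be made on the parsed host name rather than on the visible start of the link.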

To the first point above, here’s an official post:

Here’s a scam post: