As you probably heard, Facebook recently announced that it is working on a “Dislike” button at last.
Well, perhaps not exactly a Dislike button, or perhaps not only a Dislike button, but something beyond just good old “Like”, anyway.
And “Dislike” was definitely one of the, errr, likely and well-liked possibilities in Mark Zuckerberg’s recent Q&A on the topic.
We were careful, when we wrote the story up last week, to note that nothing was certain yet, no matter that it probably would happen some time in the future:
So, we still don't know why Facebook doesn't have a Dislike button, and we can't yet be absolutely certain that it ever will.
But we're betting that it's going to happen.
The important thing about a Facebook-provided Dislike button, of course, is that you wouldn’t need to go to some random-looking third-party site to download it.
So, Dislike button scams ought to be obviously bogus these days.
After all, Facebook itself just reminded us that it doesn’t have Dislike yet, but that if it gets one, it will be an official part of Facebook itself.
In other words, just as you wouldn’t fall for Like button scams, you now know to ignore anything from third parties about Dislike.
But that hasn’t stopped the crooks.
The latest Dislike scams
Over the weekend, several Naked Security readers warned us about a resurgence in Dislike button scams, trying to prey on users who like to be early adopters, or ahead of the crowd.
Here’s what they’ve reported, and what we’ve seen too:
Get newly introduced facebook dislike button on your profile.
Dislike button is invite only feature.
LINK TO CLICK THROUGH TO
The samples we’ve seen tend to have links formatted like this:
XXX999999X.DI?LIKE.TLD
In the example above: X stands for a random letter, 9 stands for a random digit, and ? stands for S or R, spelling out DISLIKE or DIRLIKE.
The TLDs, or top-level domains, that we’ve seen include several of the newly-introduced non-country-specific domains, such as .HELP, .RACING and .XYZ.
Of course, the crooks could change the formula they’re using to create these website names, and other crooks could jump in with a competing scam using completely different links.
Use the strangeness of the link only as one of many hints that you are looking at a scam, not as your primary means to detect it!
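The link shape described above, written as a check over post text. This is an added example, not code from Naked Security; the sample posts, hostnames and hint names are constructed for illustration. In line with the advice above, a match is reported as one hint among several, and the second sample shows a changed link formula slipping past the hostname check:

```python
import re
from urllib.parse import urlsplit

# Host shape from the article: XXX999999X.DI?LIKE.TLD
# (3 letters, 6 digits, 1 letter, then DISLIKE or DIRLIKE, then a TLD).
HOST_RE = re.compile(r"^[a-z]{3}[0-9]{6}[a-z]\.di[sr]like\.([a-z0-9-]+)$", re.I)
SEEN_TLDS = {"help", "racing", "xyz"}  # the TLDs the article names
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Wording of the lure quoted in the article.
LURE_RE = re.compile(r"dislike button.*invite only", re.I | re.S)


def host_hints(url):
    """Return the hints (possibly none) that one URL's hostname gives."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed URL, e.g. an unclosed IPv6 bracket
        return []
    match = HOST_RE.match(host)
    if not match:
        return []
    hints = ["host-shape"]
    if match.group(1).lower() in SEEN_TLDS:
        hints.append("seen-tld")
    return hints


def score_post(text):
    """Collect every hint found in a post; an empty list proves nothing."""
    hints = set()
    for url in URL_RE.findall(text):
        hints.update(host_hints(url))
    if LURE_RE.search(text):
        hints.add("lure-text")
    return sorted(hints)


# Constructed sample posts (hostnames are made up to fit the pattern).
SCAM = ("Get newly introduced facebook dislike button on your profile. "
        "Dislike button is invite only feature. http://qwe123456z.dirlike.racing/")
CHANGED = ("Dislike button is invite only feature. "
           "http://get-it-now.dislike-btn.example/")
NEWS = "Facebook confirms it is working on a Dislike button: https://example.com/story"

if __name__ == "__main__":
    for post in (SCAM, CHANGED, NEWS):
        print(score_post(post))
```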
What happens next
If you click through, the scam unfolds like many “you know you want this” tricks we’ve written about before, on Facebook and on other social networks.
To go forward, you must first recommend – in fact, you must actively promote – the link you just clicked on:
There are two steps: Share it with your friends, and Send it to five of the Groups that you belong to, before you find out what on earth it is that you’re sharing or sending.
That’s the main way you know that this, or any other Facebook link of this sort, is crooked, and that you should stay away: you can’t possibly recommend something without knowing what it is.
Think about it: it’s as good as a matter of definition that you can’t like, let alone recommend, something you’ve never seen.
So, unless and until you get all the way through the process without once getting worried, and until you actually end up with a Dislike button as promised, you can’t recommend the posting, and that’s that.
If a posting expects you to advertise it before you know what you are promoting, DON’T DO IT.
At best, even if the company is genuine, you are misleading your friends with a half-truth.
At worst, as in this case, you are suckering them into advertising someone else’s fraudulent behaviour under their own name.
What happens next?
The crooks will redirect you to one or more revenue-generating sites – in fact, this eventually happens even if you don’t Share and Send the original link as stated.
In our tests, we ended up on two bait-and-switch scam sites, neither of which had anything to do with Facebook, or a Dislike button, and both of which wanted us to sign up by giving away personal information:
One was a get-rich-quick scheme, promising the astonishingly precise return of $1419 in the first hour.
The other asked us to participate in a survey of our choosing.
Typically, the crooks will have signed up as affiliates for the surveys or software downloads you’re being offered, and will be paid a small fee if you sign up.
That’s how they make their money.
And that “invite only Dislike button” you were promised?
There isn’t one.
That’s why it’s called a bait-and-switch, not a bait-and-then-get-what-you-were-promised-even-though-you-only-half-expected-it.
cagboulder
Do you want to correct a typo in your story?
After all, Facebook itself just reminded is that it doesn’t have Dislike yet, but that if it gets one, it will be an official part of Facebook itself.
“is” should be “us”
Paul Ducklin
Fixed, thanks!
Adam
One more typo to fix:
“XXX999999X.DIS?IKE.TLD” “[…] ? stands for L or R, spelling out DISLIKE or DIRLIKE”
By that formula, wouldn’t it be “DISLIKE OR DISRIKE” ??
Paul Ducklin
Fixed, thanks.
Adam
Last one:
XXX999999X.DIS?IKE.TLD
was somehow changed to
XXX999999X.https://nakedsecurity.sophos.com/2015/09/21/guess-what-facebook-dislike-scams-are-back/DI?LIKE.TLD
Looks like the URL was accidentally pasted in there…?
Paul Ducklin
Aaaaaaaargh. Not sure what happened *there*. I think I have sorted it now. Sorry about that.
Adam
No worries.
It happens to everyone, at one time or another.
Everything looks good now, though. :)
Karen Reznek
Facebook has removed this article from both my feed, and from the friend’s feed I got it from. And will not allow me to re-share. Something tripped up in the algorithm?