Attack Of The Rude Facebook Shoes

What should you tell your Facebook friends to do when their accounts are hijacked by rogue sites that spam their feeds or worse? Here are some steps they can take.

David Carr

September 14, 2012

5 Min Read
Network Computing logo

Social Studies: Obama vs. Romney

Social Studies: Obama vs. Romney

Social Studies: Obama vs. Romney(click image for larger view and for slideshow)

"Snakes," groaned Indiana Jones, "why did it have to be snakes?"

Maybe signing onto Facebook isn't quite as dramatic as discovering the slithery guardians of the Lost Ark at the bottom of the cinematic Well of Souls, but it's how I feel some days. "Shoes (groan), why did I have to be tagged in a picture of shoes?"

For some odd reason, shoes are the common theme in a spam campaign that apparently has been going on for years, reflecting a longstanding problem with photo tagging spam on Facebook and presenting an inspiration to wannabe hackers. When I get that notification saying "John Smith tagged a photo of you on Facebook," and it links to a picture of shoes, what this really means is Mr. Smith has been hacked and will be confused when all his friends contact to complain about his foray into shoe sales advertisements.

[ Time to take a second look at G+? Read Guy Kawasaki: Google+ Is The Mac Of Social Networks. ]

Why shoes? Apparently, there is good money to be made advertising discount brands of fashion shoes. It's like every other spam campaign that makes you think, "How could anyone fall for that?" And yet, if you can reach enough people, you will reach a fair number of gullible sorts. I'd guess that when they place their orders, there's a better-than-even chance that they won't even get a pair of shoes; they'll just get their credit card numbers stolen.

It doesn't help that sometimes our friends (or Friends) really do abuse the Facebook photo tagging system, which was intended as a way for users who upload a photo to tag the people who appear in that photo. I fairly regularly get tagged by people who are trying to draw my attention to an image (for example, a scanned image of an event flyer), rather than tell me I am in the image. The first few times I got tagged in shoe photos, I thought these people were being obnoxious social marketers, not that they'd been hacked.

In one particularly embarrassing variation on the theme, the shoes are shown worn by people who appear to be engaging in sex acts--nothing blatant enough to trigger Facebook's porn filters, but highly suggestive. This version showed up in the feed from one city commission candidate I know who has either caught this same bug repeatedly or never quite managed to purge it from his computer or his account. And yes, I was tagged in the photo, although I'm pretty sure I didn't pose for it.Another question to ponder: why politicians? More often than not, the people in my Facebook network who go shoe crazy are local politicians or political operatives. Partly, this is probably a factor of me having too many politicos in my network. I would guess that it also reflects the emphasis many of them are putting on social media as a low-cost way of connecting and networking with voters. In the process, they might be a little too eager to connect with people and applications in bad neighborhoods, or click on the wrong links. This app wants permission to post to my feed? Sure, why not, if it will help me get more people to my campaign page. Then they wonder why they're suddenly getting a rush of messages asking, "Why are you spamming me?"

My wife said she saw a version of the sex-and-shoes ad pop up in the feed from our congressman, although it was gone within minutes--meaning, I presume, that either an alert staffer saw it and deleted it right away or someone flagged it as an offensive image, causing Facebook to deep-six it. The one I was tagged in by the city commission candidate's account also disappeared within minutes, and maybe that means he had enough on the ball to delete it before it embarrassed him further. Still, it seems to keep happening, and I'm pretty sure this is not the kind of attention he is looking to get on social media.

Rather than unfriend him, I'd like to help him figure out how to cure this affliction. The problem with giving advice is that social media spam can have any one of several causes:

-- The account password has been compromised and some other person or bot is logging in to send out this spam. I think this was the case with yet another politico in my circle who said she was locked out of her own account--and having a fun time trying to get support from Facebook--at the time she seemed to be afflicted with this shoe fetish.

-- The account holder has authorized an untrustworthy Facebook app, which now has permission to post to that person's feed.

-- The account holder has installed a browser toolbar, JavaScript bookmarklet, plugin, or other malicious program that comes along for the ride every time that person logs into Facebook.

I generally tell people to change their passwords and run a full anti-virus, anti-spyware scan on their PCs. That's a good start. I also recommend looking at the Facebook help pages for My account is hacked, My friend’s account is hacked, and My friend’s account is sending spammy links or creating spammy events and pages.

The advice Facebook provides is good, but I'm not sure it acknowledges the role that apps riding on top of the Facebook platform play as carriers. I'd recommend a thorough housecleaning of the apps attached to your account. How many of them come from a source that you absolutely, positively know to be trustworthy? How many can you delete right now and never miss?

Don't let a bad app walk all over you.

Follow David F. Carr on Twitter @davidfcarr. The BrainYard is @thebyard and

Social media make the customer more powerful than ever. Here's how to listen and react. Also in the new, all-digital The Customer Really Comes First issue of The BrainYard: The right tools can help smooth over the rough edges in your social business architecture. (Free registration required.)

About the Author(s)

David Carr

Editor, InformationWeek Healthcare and InformationWeek Government (columnist on social business)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights