Well, there’s a lot of Facebook spam around, and it varies from traditional hoaxes and chain letters flourishing in a new(-ish) medium, to outright malicious applications (Koobface, anyone?) to spam used to generate interest in surveys that make pay-per-click/pay-per-like profits for the spammers, to traditional scams like phishing and 419s. That shouldn’t be news to you. However, you might be interested to note how successful it is compared to the more traditional email vector. The short answer is… very….
Does this surprise you? It shouldn’t. Apart from the fact that so many Facebook users still think of the service, despite all the evidence to the contrary, as a safe environment, there’s a vital difference between the two messaging contexts.
Email spam is attacked on many levels, and a very high proportion of it is filtered by mail providers before it ever gets near the end user’s gateway. Much of the residue is picked up at the corporate or ISP perimeter, and what remains still has to get through mail server filters, application filters, internet security software on the desktop and so on.
Facebook spam is much less susceptible to many of those countermeasures, and while desktop security software may pick up nasties like Koobface, more generalized spam in the FB context presents more problems. At the provider level, no-one has the same control that Facebook does over Facebook’s spam, but that’s the problem. I don’t say that Facebook doesn’t take the spam issue seriously, but does it have the resources to expend on an escalating problem? And it is a problem.
Actually, spam filtering has always faced a conceptual problem: while some spam is unequivocally malicious and/or “spammy”, many messages are borderline, where one recipient sees as spam what another sees as legitimate marketing, even desirable information.
Facebook, with its emphasis on sharing information, is not necessarily best equipped to make that distinction, and nor are many of its users. Time after time, I see my FB page cluttered with “X likes Y” news messages, and I often can’t tell whether it’s a genuine expression of approval, viral marketing, or spam claiming yet another victim.