by aandon 3694 days ago
Product manager at fraud detection company Simility here. I'm very surprised Facebook hasn't put more effort into curbing fake accounts, makes me think it's very low priority for them. We have social network customers who are much smaller than FB, yet have gotten their fake account rates far below FB's.

One effective strategy we've employed not mentioned here is category mapping: if an account of type A only targets accounts of type B for likes (especially if they ignore categories C, D, etc.), this is usually a high indicator of fraud. For example, one very common strategy is to create a fake account for an attractive female to friend many male accounts (especially relatively new accounts unaware of these tactics). This can be easily detected by analyzing the gender and account age of all targets and coming up with a diversity score. Low diversity score = likely fraudster.

6 comments
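A sketch of the diversity score described in the post above, as an added example that is not part of the original thread and not Simility's code. It assumes normalised Shannon entropy over (gender, account-age bucket) categories as the score; the field names, cut-offs and threshold are hypothetical, and the sample data is constructed.

```python
import math
from collections import Counter

# Assumed category space: every (gender, age bucket) pair a target can fall into.
GENDERS = ("female", "male", "unspecified")
AGE_BUCKETS = ("new", "established")
NEW_DAYS = 90       # assumed: targets younger than this count as "new"
MIN_TARGETS = 10    # assumed: below this there is too little evidence to score
THRESHOLD = 0.35    # assumed: tune against labelled accounts before use

def category(target):
    """Map one targeted account to its (gender, age bucket) category."""
    gender = target["gender"] if target["gender"] in GENDERS else "unspecified"
    bucket = "new" if target["age_days"] < NEW_DAYS else "established"
    return gender, bucket

def diversity_score(targets):
    """Normalised entropy of target categories: 0 = one category, 1 = uniform."""
    counts = Counter(category(t) for t in targets)
    total = sum(counts.values())
    entropy = -sum((n / total) * math.log2(n / total) for n in counts.values())
    return entropy / math.log2(len(GENDERS) * len(AGE_BUCKETS))

def review_queue(actions_by_account):
    """Return (account, score) pairs under THRESHOLD, least diverse first."""
    flagged = []
    for account, targets in actions_by_account.items():
        if len(targets) < MIN_TARGETS:
            continue  # quiet accounts get no verdict rather than a false positive
        score = diversity_score(targets)
        if score < THRESHOLD:
            flagged.append((account, round(score, 3)))
    return sorted(flagged, key=lambda pair: pair[1])

def target(gender, age_days):
    return {"gender": gender, "age_days": age_days}

# Constructed sample: who each account sent friend requests or likes to.
SAMPLE = {
    "acct_narrow": [target("male", 5 + i) for i in range(19)] + [target("male", 400)],
    "acct_mixed": [target(g, d) for g in GENDERS for d in (10, 200, 30, 900)],
    "acct_quiet": [target("male", 3)] * 4,
}

if __name__ == "__main__":
    for account, score in review_queue(SAMPLE):
        print(account, score)
```

The output is a queue for review, not a ban list: a low score alone does not separate a fraudster from a legitimate account with a narrow audience.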

> We have social network customers who are much smaller than FB, yet have gotten their fake account rates far below FB's.

The incentive to make fake accounts on Facebook is orders of magnitude greater than almost any other social network.

> One effective strategy we've employed not mentioned here is category mapping: if an account of type A only targets accounts of type B for likes (especially if they ignore categories C, D, etc.), this is usually a high indicator of fraud. For example, one very common strategy is to create a fake account for an attractive female to friend many male accounts (especially relatively new accounts unaware of these tactics). This can be easily detected by analyzing the gender and account age of all targets and coming up with a diversity score. Low diversity score = likely fraudster.

Facebook has methods that radically exceed this method in both complexity, precision, and recall.

> The incentive to make fake accounts on Facebook is orders of magnitude greater than almost any other social network.

Not true. In the article, the writer pays Russell $15 for 1,000 likes. Being generous and assuming each of Russell's fake accounts can farm out 100 fake likes, he's making $1.50 per fake account before it gets shut down. Compare that to social networks where you can directly extract payments from other members by listing fake items for sale, laundering payments from fake credit cards (on other fake profiles) to yourself, or link-baiting other users. A single successful fake account on those networks can easily net you $100.

> Facebook has methods that radically exceed this method in both complexity, precision, and recall.

Agreed, and indeed Simility's models have much more complex methods too, but a) I wanted to post an interesting example everyone here would understand and b) I still say Facebook is not using anywhere near its full ability to stop these fake profiles given how rampant this fraud scheme is on their platform. (Again, follow the money, FB has very little incentive to stop these fraudsters who are only inflating their own numbers. It's important to keep them in check, but there's no incentive to waste resources stopping them.)

> Compare that to social networks where you can directly extract payments from other members by listing fake items for sale, laundering payments from fake credit cards (on other fake profiles) to yourself, or link-baiting other users. A single successful fake account on those networks can easily net you $100.

You're comparing apples to oranges: fake accounts used for "like spam", etc. are different with regard to their complexity and scalability than accounts used for phishing. There are phishing accounts on Facebook as well.

> Again, follow the money, FB has very little incentive to stop these fraudsters who are only inflating their own numbers.

Facebook has a massive incentive to stop fake accounts: fake accounts decrease meaningful conversions that lower the ROI for advertisers, which is tracked carefully both by Facebook and advertisers. This directly lowers the price for ad space on Facebook, and makes Facebook look noisier and less impactful than other channels.

Following the money leads a direct, unmistakeable path to a strong incentive to shut down fake accounts.

It's also very bad to accidentally shut down real accounts, especially in cases where users could be confused enough not to return.

> Following the money leads a direct, unmistakable path to a strong incentive to shut down fake accounts.

I think the difference in opinion on that is that if you look at the long term, which you hope FB are, then yes fake accounts that reduce ROI for advertisers are bad. Unfortunately, they lead to a short term increase in FB ad revenue, which disincentivizes stopping fake accounts too effectively, as it may actually be a noticeable dip in revenue, depending on the scope of the problem.

In a worst case scenario, FB might be in a situation where 20% of ad revenue is from bad impressions, and completely stopping that, if they had the power, would have major negative repercussions for the company. There would need to be some hard choice made about the best path out of that situation. Not that I think this is necessarily the case, but it is an example of how the incentives may not be as clear as they seem.

> Facebook has a massive incentive to stop fake accounts

As an advertiser, I am pretty certain this is not quite the case in (current) reality. A large part of FB's proposition for more money from us includes:

A) Pay more for increased reach and engagement.

B) Our traffic isn't decreasing (despite outside reports/indications to the contrary) and you would be missing a massive and engaged audience if you didn't spend with FB.

This combined with the fact that a _lot_ of ad-spend isn't directly attributable to conversions (often by design), means that more "activity", whether it's fake or not, drives up ad-revenue for FB.

You see the same issue occur with other publishers by the way.

- It is not uncommon for a publisher (or other related party) to purchase a swarm of fake bot traffic to boost impression and engagement numbers of an ad buy they've sold.
- Advertisers unaware of how much of the traffic to their ads are bots vs legitimate humans (read: "publishers stealing money from advertisers") is a major problem for advertisers, but the bigger the publisher, the harder it is to 'not' be on their platform too (and FB is _very_ big).

> B) Our traffic isn't decreasing (despite outside reports/indications to the contrary)

It's not. Even the "leaks" make clear that overall traffic is still increasing, both overall and per person.

> This combined with the fact that a _lot_ of ad-spend isn't directly attributable to conversions

I've seen direct reports from advertisers at my last job (doing social media analytics) that show how well they can quantify ROI for ad spend. Fake accounts would negatively impact this number, and it would be extremely obvious immediately.

True. It is like saying Windows has far more viruses than Linux and MacOS but often it is because of incentives and market share rather than lack of efforts on parts of MS to curb viruses.

But I don't think FB has put in a lot of effort. I was being targeted by some fake account which was a Facebook profile of a company (created as user). I complained and reported the user several times. Facebook has not taken any action. From what I can see, a simple regex on name should tell that "Taylor Swift Lover Group Admin" is not a human being and can't have a Facebook account.

For big companies that benefit from being able to say they have lots of users there is a big incentive not to be good at finding fraudulent accounts. I worked in Big Data Analytics at one of these companies $10B+. We were separate from the fraud department. They'd filter out the fraud accounts and we'd have to re-filter because their behavior was so out of whack it would mess up our analytics. We tried to move our filters upstream and teach the fraud dept how to identify these accounts but absolutely no-one was interested. Also it's common to have bonuses tied to user numbers.

Facebook generates money from ad views, even if they're fake accounts. There's very little incentive for Facebook to mass remove fake accounts.

Hi. I worked on Facebook's anti-abuse infrastructure for a while (I'm still at Facebook, but working on different things now). So while I didn't personally fight spam/fake accounts, I worked closely with those who did. I'll be blunt: based on this and your other comments, you don't know what you're talking about.

I'll go a step further and give you some unsolicited advice. The anti-abuse community amongst internet/game/tech companies is actually fairly close knit since it's one of the few places where everyone is on the same side and lots of "secrets" are shared (including, even, at the spam fighting conference we organized last year). I would bet a lot of people just rolled their eyes while learning of your company for the first time. You're already entangled in one argument from someone calling you on this silliness, but I assure you they're not alone. I'd probably suggest reconsidering this approach.

I'll be blunt, too. I'm interested to know why it's so easy for Facebook users like me to spot fake accounts and report them, while your crack team at Facebook constantly ignores them and allows them to continue proliferating. I'm guessing you didn't get an inside look at Facebook's accounting that disincentivizes removing these fake profiles. Or do you have a better reason that Facebook repeatedly ignores reports of obviously fake users?

Indeed I know it's a close-knit community. Most of our 20-person team came from anti-fraud teams at Google. I'm guessing the "silliness" you're referring to is the talk of Facebook not being incentivized to block spammers. I think kbenson articulated best what I was trying to say, that there are tradeoffs in blocking good users and decreasing apparent user volume when fighting fraud. Facebook would obviously not be wise to catch every single fraudster because there would be a high number of false positives, so a balance must be struck. As I'm sure you know, fraud teams at many companies often clash with the marketing team because they're protecting the bottom line (sometimes at the expense of the top line) respectively, and vice versa.

I worked at a company with a spam variable in the backend. 0 for eliminating most spam engagement actions like likes. 1 for letting all spam in.

We didn't set it to 0.

There's sometimes positive value in spam. Ex Instagram users get a boost when their pictures are liked, by someone real or not.

Wow, what a statement from someone so close to it. Not sure how to look at it.

We recently bought some likes for a page via FB's internal system. The likes we eventually received were nearly 100% identical in terms of names, looks (mostly Arabian or oriental), even though the region we targeted was within central Europe - and lots of obvious fake accounts in there.

I used their Pixel + Create an Audience tool to target a Page Like campaign at people who have visited my businesses' website previously. Very low spam / fake account % on that campaign.

I'm curious: do you think Facebook's anti-fraud measures are effective?

Didn't Friendster spend an inordinate amount of effort on detecting fraud accounts?

I know Facebook deleted a bunch of fake accounts about 9 months ago.