The Next Web is reporting that Toyota has taken to Twitter to advertise their new Camry Effect by offering Twitter users the chance to win one of the new cars. The account @CamryEffect was replying to users who used a Super Bowl related hashtag like #Giants or #Patriots and replying to the tweet with the same offer to win a car every time.

What made this worse is that Toyota set up verified accounts for @CamryEffect alongside @CamryEffect1, @CamryEffect2 and so on. This allowed the company to effectively spam their Twitter campaign to every user who was using Super Bowl related hashtags.

Users were bombarded with the same tweets over and over again until they decided that enough was enough. They took the matter to Twitter who seemingly ignored the reports.

Thankfully, the company, either through Twitter telling them to stop or through their own realization, has stopped the spam campaign. They have suspended all the extra @CamryEffect accounts and made the original private.

Toyota apologized for the spam campaign via a statement:

We apologize to anyone in the Twitterverse who received an unwanted @reply over the past few days. We were excited to share the message of our Camry Effect campaign in a new way and it was never our intention to displease anyone. We’ve certainly learned from this experience and have suspended the accounts effective immediately to avoid any additional issues. Kimberley Gardiner, National Digital Marketing & Social Media Manager, Toyota Motor Sales, U.S.A. Inc.

This is just another example of social media gone terribly wrong. You would think that companies would learn by now. If you want a successful social media ad campaign, don’t shove it in their faces.

DMARC stands for Domain-based Message Authentication, Reporting and Conformance.

The companies involved include: Google, Facebook, LinkedIn AOL, Microsoft, Yahoo, PayPal (eBay), Bank of America, Fidelity Investments, American Greetings, Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.

In a post on Google’s Online Security Blog, product manager Adam Dawes writes:

Industry groups come and go, and it’s not always easy to tell at the beginning which ones are actually going to generate good solutions. When the right contributors come together to solve real problems, though, real things happen. That’s why we’re particularly optimistic abouttoday’s announcement of DMARC.org, a passionate collection of companies focused on significantly cutting down on email phishing and other malicious mail.

We’ve been active in the leadership of the DMARC group for almost two years, and now that Gmail and several other large mail senders and providers — namely Facebook, LinkedIn, and PayPal — are actively using the DMARC specification, the road is paved for more members of the email ecosystem to start getting a handle on phishing. Our recent data indicates that roughly 15% of non-spam messages in Gmail are already coming from domains protected by DMARC, which means Gmail users like you don’t need to worry about spoofed messages from these senders. The phishing potential plummets when the system just works, and that’s what DMARC provides.

“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, Chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal. “Industry cooperation – combined with technology and consumer education – is crucial to fight phishing.”

“BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry’s needs. DMARC’s evolutionary approach is critical in assuring these needs are met for years to come,” said Paul Smocer, President of BITS, the technology policy division of The Financial Services Roundtable.

DMARC is encouraging interested organizations to read the specification, join their mailing list and start testing and deploying standards, by learning the details at DMARC.org.

CNET is reporting that there’s a new spam scam hitting Facebook today. The message is innocuous enough: Mark Zuckerberg has just sent an e-mail informing the lucky winner that they have won a free iPad.

Now the link to claim the free iPad doesn’t take people to Facebook, but rather a promotional Web site that claims to need your e-mail address, phone number and other account information.

If the “lucky winner” tries to claim their prize, they will be taken to a Web site that explains they are a potential winner. So we’re now going from winner to potential winner. To really win, you have to answer a simple question. It’s like if the lottery required winners to answer a random trivia question to claim their money.

The scammers aren’t all terrible people though, so they warn everybody that claiming the free iPad will add a small weekly fee onto your phone bill. At least they were nice enough to warn people in the smallest print possible.

Like always, the real reason for this is that the spammer gets an affiliate commission every time somebody is foolish enough to sign up for the contest.

As CNET points out, the best part is that Mark Zuckerberg apparently sent the e-mail via a hotmail account. Who still uses that anyway?

As with all these scams, use common sense. It’s highly unlikely that Apple and Facebook would give away free iPads. If it sounds too good to be true, it probably is.

[Lead image courtesy of Technologizer]

It’s pretty well documented that Facebook users are adverse to change. Good changes, bad changes – it doesn’t matter. Any tweak that Facebook makes is sure to infuriate a variable portion of the population. Seriously, people bitched about the News Feed when it debuted years and years ago.

So, holding true to the any change is bad truism, the Timeline is not universally popular. Although (an unscientific friend study tells me that) it’s not even close to the most unpopular shift that Facebook has ever made, it definitely has its detractors. And Facebook Timeline hatred is fertile ground for malicious, spammy apps.

Scammers are taking advantage of some users’ desire to revert back to the old profile and do away with the Timeline. Numerous pages and apps have popped up in recent weeks that claim to be able to deactivate the Timeline. The pages ask users to click like buttons, share things with friends, etc.

But of course, all of this work fails to lead to the removal of the Timeline, but instead allows scammers access to user data as well as the ability to spam the hell out of their friends.

Here’s one of the many pages that tout deactivation services. As you’ll see, the steps that it asks users to complete are pretty ridiculous – but you’ll also notice that nearly 7,500 people have participated.

Inside Facebook says that they have spotted 16 Timeline-related scam pages totaling more than 71,000 likes. Many of these pages and apps appear on the first page of results for the phrase “timeline.”

Of course, not all of the pages look as “legit” as the one above. Even this page has managed to get 2,500+ likes:

The official Facebook Security page has yet to specifically address the issue. In the meantime, the best thing that you can do if you run across one of these pages is to report it as spam.

Just don’t click “like” twelve times in the hopes that your Timeline will go away.

The Wall Street Journal reports that spam is attacking social networks more than ever before thanks to the lack of filtering software and legislation as such methods are making email attacks increasingly difficult.

The report uses the example of one spam attack that offered free iPads to those who clicked the link on Facebook, but the link instead led to malware that caused Facebook to rebroadcast the spam to the friends of the original recipient.

While spam is becoming an increasing problem for social networks, the percentage of spam on these networks is still relatively low compared to email spam. Facebook says that less than 4 percent of the content shared on their site is spam, whereas Twitter says just 1.5 percent of all tweets were spam in 2010.

Facebook is gearing up their engineers to counter this problem with 30 people on a team that’s fully focused on countering spam. This is up from only four people working on Facebook integrity in 2008. This is on top of 46 people working in security as well as 300 people focused on user issues. Facebook says that a third of their 3,000 employees are fighting spam in some capacity.

The inherent danger with Facebook spam is that it tricks users into thinking the link came from friends, people they trust. The spammers create false Facebook profiles and then “friend” people they don’t know. They share spam links which spread through each person’s friend networks.

The more dangerous spam plots involve offering free products like the aforementioned free iPad scam that can take over web browsers or entire computers. Attacks are also getting far more sophisticated with attackers impersonating users and entering chats with people who assume they are talking to a friend.

Facebook has been especially frank about the operation of their anti-spam measures while giving users sound advice on how to avoid spam.

Spam is no new problem for Facebook as they dealt with a massive spam attack last November that sent images of hardcore porn and gore to users. It was caused by a browser vulnerability that created an easy way for the images to spread between users that clicked on the links.

Fortunately, a spammer’s weakness is anything that costs money or takes a lot of manpower to do. Facebook can use this to their advantage by requiring suspicious accounts to prove their humanity, thus blocking computers from being able to create more spam.

The efforts seem to be paying off as Twitter reports that spam tweet rates were at 1.5 percent in 2010 compared to 11 percent in 2009. They have also set up an account for users to report spam while offering tips on how to avoid falling for spam or phishing schemes.

Facebook is in it for the long run. “This is a game where there is never going to be a winner or a loser. We’re just going to be battling it out,” Pedram Keyani, a Facebook engineering manager, said.

UPDATE: Chester Wisniewski, Senior Security Advisor at Sophos Inc., told WebProNews in an email:

“The problem with spam on social media is that there is very little, to nothing that a user or company can do to filter it. The onus is on the social media provider to do the filtering because they control all entrance and exit points, unlike email where people have some control to implement their own filters.

Aside from relying on Facebook, Twitter, LinkedIn or Google to do a “good job” the best most people can do is implement a good web security filter to look for malicious or spammy URLs and prevent your browser from going to content that may be harmful.”

Looks pretty legit to me. It was even sent from nytimes@email.newyorktimes.com, which is a pretty valid sounding email address. There’s even all that legalese small print at the bottom. But… I don’t subscribe to NY Times. I have an account with them so I can occasional comment on articles, but I am on the cold side of their paywall so I wasn’t really sure what to make of this email. I almost wondered if I was supposed to be mistakenly receiving the New York Times while on someone else’s dime and so I immediately strategized how I might take advantage of this mistake. Three seconds later, however, I ignored the email. Then it became clear that lots of other people received this email too much to other recipients’ confusion. Of course, mass confusion amounts to speculation that The Times’ database got hacked.

In other words, nobody knows what’s going on and so chaos is on our doorstep.

Three hours later, however, The Times posted an explanation of the whole snafu in which they own up to being the authors of this spam.

The New York Times said it accidentally sent e-mails on Wednesday to more than eight million people who had shared their information with the company, erroneously informing them they had canceled home delivery of the newspaper.

The Times Company, which initially mischaracterized the mishap as spam, apologized for sending the e-mails. The 8.6 million readers who received the e-mails represent a wide cross-section of readers who had given their e-mails to the newspaper in the past, said a Times Company spokeswoman, Eileen Murphy.

“We regret that the error was made, but no one’s security has been compromised,” she said.

At nearly the same time, The Times issued the following email to the recipients of the confusing email from earlier today:

Intriguing!

Actually, it’s not intriguing at all. It’s the anti-intrigue: turns out that it was a Times employee that accidentally sent the email, which resolves the question of whether it was Epsilon Interactive, the service used by The Times to interact with subscribers, that got hacked. I’d hate to be the poor intern (I’m presuming it’s an intern) who accidentally emailed millions of people that has to answer for this anti-event. It may be the employee’s fault that the readers got an erroneous email, but how hard is it for readers to dismiss a strange email and send it to the Trash bin? Are people really that easily perplexed by questions for which they already know the answer? No, you don’t subscribe to The Times, then you probably still don’t subscribe to The Times. Yet people got so confused and ensnared on the mystery of whether or not they could actually remember if they were subscribed to The New York Times in the first place so, as if victims of a bewitching goblin spell, they could not bring themselves to snap out of it and simply click Delete. And we’d never have to think about this moment ever again. It would’ve been so easy and yet, here we are at the end of the work day and people are still talking about it. Like me. So it goes.

In response to the question: “Are there people at Facebook that do not have a Facebook account?” Bosworth responded:

“No, our tools require that all employees have an account.”

Bosworth has been fairly active on Quora, dropping nuggets about the company here and there. Another recent question he addressed was: “Are there any employees of Facebook that feel uneasy about their company’s success and its future, going into 2012, and would like to elaborate on it?”

He said, “Probably not.”

When a Quora user asked, “How many Facebook messages can I send to anyone or specific person per day?” he said:

“There are no fixed limits. We have numerous safeguards against abuse which could limit you if your behavior appears to be spammy or unwanted and even those are adaptive so there is no set rule.”

Anyone recall the guy who sued Facebook for $1.00 after being labeled a spammer by the company?

According to a report (via Technology Review) from the makers of browser plug-in, Ghostery, one of the main causes of website slowdown is, provided the hosting service is working as normal and there’s nothing interfering with Internet access, all of the widgets and embeds site owners include in their site’s backend.

In fact, if you’re going by the blog post’s text, many of the slow website loading issues can be pinned on analytics scripts and/or widgets. The post even features a graph showing the biggest offenders in relation to site slowdowns:

As you can see, one of the biggest offenders in relation to site lag is a service called Avalanchers, which appears to be blog network suggestion site, but, as Technology Review says, it also comes across as a spam-filled link-sharing network, which is just the kind of thing you want to avoid if you don’t want to get bit by Google’s Panda movement. Not only is associating your site with such networks haphazard, at least in relation to Google rankings, slow website load times are a great way to ensure visitors don’t return to your site.

Based on the GhostRank panel findings, here are some additional points of interest, based on their findings:

• Avalanchers’ load time exceeded its next closest competitor, AdFunky, by a whopping 1,300 milliseconds.
• If you were to load all of these elements on one page, in succession, they would add about 22 more seconds to the page’s load time. Think about that.
• From a transparency standpoint, most of these companies don’t disclose how long they retain the data they collect or who they share it with.

Simply put, if you are trying to produce a quality site that appeals to your visitors — remember, we are now firmly in the grip of the holiday shopping season — avoiding these products, especially if used in conjunction with others on the list, is something to avoid. If search engine rankings, especially Google, is something you cherish, you’ll avoid these services as well. Not only does Google frown upon link-sharing networks like Avalanchers, slow-loading sites are not embraced by Google, either.

Simply put, avoid services like these, especially if you are using a combination of them, if strong Google rankings are something you enjoy.

Much was made about the “cool” factor of Facebook as it was founded. Is it still cool today? Share your thoughts.

Now, it’s more like 800 million (a new report says Facebook had 721 million active users earlier this year). The valuation is much higher than reported at the end of the film. That number escapes me at the moment, and I don’t have the movie in front of me, but I know it’s ridiculously higher now. Recent estimates had it exceeding $80 billion.

Advertising

As the story goes, CEO Mark Zuckerberg was hesitant to put ads on Facebook when it was getting started. He wanted to see it what it could become first. He didn’t want it to lose that “cool” factor, which was also helped by its initial exclusivity to students of certain universities. A lot has changed since those days. Now, there are not only ads, but a huge ad platform that lets advertisers target people based on their likes and interests. And with “Sponsored Stories,” something you may have “liked” months ago could show up next to one of your friends’ news feeds as a “sponsored story”. For example, my colleague Josh told me he saw a sponsored story last night telling him that I like “Bing.” These stories are now much more in your face.

But that’s business. Facebook needs to monetize this enormous group of people it has, and that’s what it’s doing. I can hardly knock them for that. But not everyone understands or cares. Why do you think ad blockers are so popular?

Too Many Friends?

According to Facebook, there are 69 billion friendships among their active users. See the four degrees of Facebook.

According to a poll from Poll Position, 14% of Facebook users think they have too many Facebook friends, compared to 9% who said they want more (granted, the rest are ok with the number they currently have).

Too many friends can breed information overload. And if you’re friends with everyone you’ve ever known, there’s a good chance some of them are annoying you – especially if they invite you to a lot of apps and games.

There was even a National Unfriend Day created.

Shopping and Bill Pay

According to Gartner Research (as depicted in this infographic from MoonToast (via AllFacebook), companies will generate 50% of web sales via their social presence and mobile apps. It stands to reason that Facebook will be a major factor in that social presence.

However, The Street recently reported on a survey from BillingViews, finding that 87% of people would not be comfortable buying something through Facebook. On top of that, 94% said they wouldn’t pay a bill through Facebook. Security was cited as a main concern.

Sharing

Molly Wood at CNET put out a popular article the other day that’s generated a great deal of discussion. It’s called “How Facebook is ruining Sharing”. She says, “The slow spread of Facebook’s Open Graph scheme is totally ruining sharing. Here’s an excerpt, which basically sums up her point:

If your friends are using an app like The Guardian or The Washington Post’s new Social Reader, you’ll get an intercept asking you to authorize the original site’s app so that you can read the story. And, of course, so that every story you read will start being shared automatically on Facebook, thanks to the magic of Open Graph!

Now, it’s tempting to blame your friends for installing or using these apps in the first place, and the publications like the Post that are developing them and insisting you view their stories that way. But don’t be distracted. Facebook is to blame here. These apps and their auto-sharing (and intercepts) are all part of the Open Graph master plan.

You’ve no doubt seen plenty of complaints about the “frictionless sharing” that comes with an app like Spotify, where users can essentially spam their friends’ tickers with every song they listen to. There are ways to avoid this, but it doesn’t make it any less annoying to those who find it so. Keep in mind, that this “frictionless sharing” thing is really just getting started. The Timeline hasn’t even been rolled out yet.

Privacy

Privacy has long been a concern with Facebook for many users, though it’s hardly kept the social network from gaining momentum. After the last f8, when Facebook launched the new Open Graph, more concerns followed.

The Poynter Institute said Facebook and news organizations are pushing the boundaries of online privacy and that “Facebook again my have gone too far in its quest to make privacy obsolete and that this time some news organizations could get burned by going along with it.”

Poynter Digital Media Fellow Jeff Sonderman called out new Facebook apps like the Washington Post’s Social Reader, and similar offerings from The Guardian and The Daily, as well as Yahoo News, which has readers sign up to have their reading activity streamed to their Facebook profile.

Mashable founder Pete Cashmore talked about this in another article saying that he saw on Facebook that someone he knows professionally was reading articles with titles like: “Heather Morris on Breast Implants,” and “Perrey Reeves Shows Off Bikini Body (PHOTO).”

It’s not that these things are so bad, it’s just a matter of do you want everybody you know to know everything you read?

And there’s that whole tracking thing.

Take This Lollipop had a fun look at Facebook privacy:

Recent reports indicate that Facebook is close to a settlement with the Federal Trade Commission that would at least keep Facebook from making privacy-related changes that you have to opt-out, and would instead make it so users had to opt in for the changes to take effect.

Spam

Farmville requests and invites to events you’ll never attend are one thing. Getting spammed by your friends’ music listening is another. And getting pornographic images and pictures of dismemberments in your news feed is another still. Last week, there was a highly publicized attack on Facebook which spawned such images, and proved that Facebook is not invincible to such a thing.

Design

Facebook has had many design changes over the years, and usually when there’s a major overhaul, a lot of people are infuriated. That was no different with the last big change, which altered the way the news feed worked and added the ticker. Some people liked it from the start, and others have no doubt grown to accept it, but a lot of people miss the old Facebook, or other older incarnations. Design changes are a natural part of the evolution of any site, but when Facebook does a redesign, it has enormous ramifications for people’s perception of the site, because it has so many users, and it’s where so many spend such a large amount of their time online. Facebook gets points either way for bringing back the News Feed option to view by most recent.

Android

Facebook is pissing off Android users by not giving its Android app the attention it deserves. Facebook’s Android app is buggy at best. The company recently launched a new and improve iOS app, while leaving the Android app largely untouched. It doesn’t have the design or features of its iPhone counterpart, and it’s pretty bad about notifications.

This is a problem. According to Google, 200 million Android devices have been activated worldwide. I wonder how many of those people use Facebook. They’re also adding 550,000 new devices each day, Google also said.

Wrapping Up

I’ll be the first to admit that Facebook has changed the world, and has done a lot of amazing things. No company is perfect, and one can’t help but be impressed by the tremendous growth Facebook has seen in users, functionality and valuation. It really is astounding. They’ve forced other major Internet players to try and compete with them.

That, however, is one reason Facebook can’t afford to alienate users. While Facebook may still be the biggest social network on the block (by far), others aren’t backing down. Twitter seems to be gaining hipness with the youngsters, and is getting better and better, while being largely embraced by all facets of media. Google has a massive empire of users across its product list, and is integrating Google+ into all of those products.

Is Facebook becoming less cool? Tell us what you think.

On Monday, users began complaining that Facebook had turned into a porn site – saying that their news feeds were inundated with hardcore images. As the images spread, users began reporting violent pictures and gory images of animal abuse. The images were popping up on people’s feeds, claiming to have been posted by friends – although people had no idea that they were propagating the content.

Facebook has issued a brief statement, blaming the spread of graphic images on a “coordinated spam attack that exploited a browser vulnerability.” The specifics involved oblivious users adding “malicious javascript in the browser URL.”

Here’s the full statement:

Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.

During this spam attack users were tricked into pasting and executing malicious javascript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We’ve built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it.

We have also been putting those affected through educational checkpoints so they know how to protect themselves. We’ve put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defences to find new ways to protect people.

So Facebook is limiting users’ exposure to the penises – which is good. Users were a little more than incensed over the spam. Of course, spam attacks aren’t anything new to Facebook – but this one appeared to be particularly malicious.

While Facebook cleans up this latest mess, it doesn’t hurt to talk about what you the users can do to prevent stuff like this from happening.

First and most importantly, stop clicking on stupid links. Have an eye for stuff that sounds out of character for your friends to post. Anything that offers you a look into something private, or contains any of the phrases “OMG” or “I can’t believe this” might be a clickjacking scam. If a link offers to tell you how many people have looked at your profile page, for the love of god, don’t click it.

If you do find that you have fallen victim to something like this, it doesn’t hurt to change your password. And make sure that your privacy settings are set pretty tight on who can tag you in a photo.

Of course, if your friends fall victim to these spam attacks, you might not be able to stop the flood of unwanted imagery from hitting your news feed. Hopefully, with a little help from Facebook’s security team and a little more common sense from users, we can make this kind of thing happen less frequently.