Inside Facebook and All Facebook are both reporting that Facebook is planning on introducing a new tool to their advertising platform to help protect users and increase transparency. Unfortunately, this new tool could actually have the exact opposite effect by making Facebook ads even more dangerous to click on.
What it Does
The change is actually very simple. If an ad directs you to a destination outside Facebook, it will display the ad’s destination URL by placing that URL in a prominent location just below the headline and above the ad’s image (see picture). The idea is that you will now know exactly where you will be sent if you click on that ad. It’s a new layer of protection, right?
What’s the Risk?
The risk is that it’s ridiculously easy to dupe the user. How? Because while you may indeed be sent to the URL being displayed, Facebook has not indicated that they are doing anything to validate that the destination itself is safe.
But how could the destination not be safe if Facebook is showing me where I’m going?
Here are two likely scenarios that someone with malicious intent could set up in minutes. In both scenarios, you see an ad on Facebook with the URL http://www.ThisSiteIsSafe.com. You click on it. This is what could happen:
1) The site you arrive at injects malware into your computer or does other evil things.
2) The site you arrive at immediately redirects you to yet another website that could inject malware into your computer or do other evil things.
Certainly Facebook could, and should, add some sort of ongoing validation service to investigate these destinations. I say ongoing because it would be simple for the “advertiser” to set up a benign site that could revert into a malicious site as soon as validation is completed.
While I applaud Facebook for their attempt to protect users, they certainly have not thought things through. Until then, Clickers Beware!
What do you think? Let me know in the Comments.