Fake votes in Facebook contests
Contests that include a voting stage are probably the most popular Facebook promotions. Developers should be aware that the more valuable the prizes are, the more vulnerable the application is to fake votes from cheaters who are able to create hundreds of accounts to win the contest. In one of the photo contests run on our social media applications platform, Megafoni, we witnessed such fraud.
The photo uploaded by a cheater had 265 votes, of which 95% were added by fake users. The cheater made about 250 fake accounts like the one below:

It looks like a real Facebook user’s profile, but several things make us assume that something is wrong. Each and every profile shows minimal information about the user: we can only see the person’s name, photo, education and work, while the default privacy settings also allow others to see the wall and friends. OK, somebody may have changed his/her privacy settings, but it can’t be a coincidence that all 250 people who voted on this single photo in the contest did so. An interesting fact is that the photos added to these profiles are mainly stock photos, which we determined using TinEye.
Another thing worth mentioning is the voters’ IPs. Votes came from 4 groups of IPs, and within each group the first two octets are the same. All IPs belong to one of the mobile networks, which probably assigns a new IP every time a subscriber connects to the network.

The next thing we are able to check is the verified field we get from the Graph API. When a user verifies an account by mobile or credit card, the field has the value 1, otherwise 0. None of the fake accounts, of course, was verified.
Sadly, when we typed the cheater’s name and surname into Google, we found plenty of pages with contest results in which he was a winner. The people who administered those contests didn’t remove the fake votes (or didn’t know how) and allowed him to win. So if you run or will be running a contest on Facebook, follow these instructions to avoid situations in which the person who gets a prize doesn’t deserve it:
- Check whether votes are added from the same IP addresses (or from addresses that share the same first octets). Check the IP owner.
- Try to check the verified field via the Graph API. Note, however, that not all users verify their accounts.
- Check whether the voters’ profiles seem fake.
- You may use a captcha, which can eliminate voting scripts.
- Require users to click a link in an e-mail sent to them in order to make the vote valid.
You can also create an algorithm which analyzes the factors above and determines which votes may be invalid. We developed one at Megafoni and made it part of our platform.
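A minimal sketch of such a scoring pass, added here as an illustration and not Megafoni's own algorithm. It assumes each vote record already carries the voter's IP, the `verified` value previously read from the Graph API, and a hypothetical `email_confirmed` flag; the field names, thresholds and sample votes are constructed.

```python
import ipaddress
from collections import Counter

def ip_prefix(ip):
    """Return the /16 network (first two octets) of an IPv4 address."""
    return str(ipaddress.ip_network(f"{ip}/16", strict=False))

def score_votes(votes, min_cluster=3, flag_at=2):
    """Attach reasons to each vote; flag it when `flag_at` or more apply."""
    # Votes per (entry, /16 prefix): many votes from one prefix is a signal.
    cluster = Counter((v["entry"], ip_prefix(v["ip"])) for v in votes)
    results = []
    for v in votes:
        reasons = []
        if cluster[(v["entry"], ip_prefix(v["ip"]))] >= min_cluster:
            reasons.append("ip_cluster")
        if v["verified"] != 1:  # page: 1 = verified by mobile or credit card
            reasons.append("unverified")
        if not v["email_confirmed"]:  # confirmation link never clicked
            reasons.append("email_unconfirmed")
        results.append({"voter": v["voter"], "entry": v["entry"],
                        "reasons": reasons, "flagged": len(reasons) >= flag_at})
    return results

def flagged_share(results):
    """Fraction of flagged votes per entry, to pick entries for manual review."""
    total, bad = Counter(), Counter()
    for r in results:
        total[r["entry"]] += 1
        bad[r["entry"]] += r["flagged"]
    return {entry: bad[entry] / total[entry] for entry in total}

# Constructed sample votes (documentation IP ranges, made-up voter ids).
SAMPLE_VOTES = [
    {"voter": "u1", "entry": "photo-A", "ip": "203.0.113.5", "verified": 0, "email_confirmed": False},
    {"voter": "u2", "entry": "photo-A", "ip": "203.0.113.77", "verified": 0, "email_confirmed": False},
    {"voter": "u3", "entry": "photo-A", "ip": "203.0.113.140", "verified": 0, "email_confirmed": True},
    {"voter": "u4", "entry": "photo-A", "ip": "198.51.100.7", "verified": 1, "email_confirmed": True},
    {"voter": "u5", "entry": "photo-B", "ip": "192.0.2.10", "verified": 0, "email_confirmed": True},
    {"voter": "u6", "entry": "photo-B", "ip": "203.0.113.9", "verified": 1, "email_confirmed": True},
]

if __name__ == "__main__":
    for row in score_votes(SAMPLE_VOTES):
        print(row)
    print(flagged_share(score_votes(SAMPLE_VOTES)))
```

Requiring at least two signals keeps a single unverified account (u5) from being flagged, since not all genuine users verify their accounts.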