Shady internet marketers who’ve been banned from advertising on Facebook have come up with a way to keep running campaigns on the platform: paying people to “rent” their Facebook accounts.
The rental economy for Facebook accounts is yet another example of how people attempt to exploit the platform’s ad system in order to avoid bans and conceal who is really behind a campaign. With a rented account, a person can create a new page and quickly begin running ads. And even if Facebook eventually blocks those ads and bans the account, an ad launderer can move to another rented account and start over — without Facebook or anyone else knowing who they are.
“People who sign up for these programs are effectively ad-mules,” said John Amirrezvani, a security researcher who describes these schemes as “ad laundering,” because the people running them find and pay others to help them bypass Facebook restrictions.
Amirrezvani, who works as a security researcher with Novetta, will present an overview of ad laundering at the ShmooCon security conference Friday. He shared some of his findings with BuzzFeed News, which was able to document additional websites, YouTube videos, and message board threads where people are being promised as much as $500 a month to let someone use their Facebook account to run ads.
Some ad launderers even send people a free laptop if they sign up. The laptop comes preinstalled with software that enables the launderers to run ads from the user’s Facebook account, along with potentially engaging in other invasive and risky behavior.
Online message board postings found by BuzzFeed News suggest rented accounts are being used to place ads for scammy offerings, such as online casinos and male enhancement products. (Facebook has a more stringent process for anyone trying to run political, or what it calls issue-based, ads, though it too has loopholes people have exploited to conceal who’s behind them.)
Based on his research, Amirrezvani estimates that thousands of people have signed up for these schemes. “So it’s safe to assume they’ve been wildly successful,” he said.
Rob Leathern, a Facebook product manager on the ads team, told BuzzFeed News the company has been aware of, and acting against, account rental schemes for roughly two years.
“We’ve seen isolated examples of these kinds of account rental services and when we do, take action to find and terminate affected accounts,” he said in an emailed statement.
“Giving anyone else access to your Facebook account could not only compromise your information, but is a violation of our terms and could lead to your account being suspended,” he said.
A huge security risk and “a terrible idea”
Sites offering to rent Facebook accounts have domains such as fbcash.net, fbdollars.com, fbrenters.com, and rentusyourfbook.com. BuzzFeed News also found one in Spanish, rentafb.com, that has a sister site in English, fb2cash.com. These sites typically say they are looking for people with real Facebook accounts that have existed for at least one year, that are based in the US, and that have not previously run ads on Facebook.
Those interested in renting their account fill out a contact form and, if accepted, are asked to do one of two things: install a browser plugin built by the ad launderers or enable the launderers to virtually access their computer in order to set up a Facebook ads account linked to their profile.
Some sites utilize a program called TeamViewer that’s typically used for technical support, and that requires a user to provide remote access to their computer.
Amirrezvani emphasized that giving remote access to your computer to an unknown party is a huge security risk and “a terrible idea.”
“They can easily install a backdoor or steal your personal files including but not limited to personal photos, electronic tax records, banking information, etc,” he said.
He also examined the code and behavior of the Chrome extensions and found they also gain an alarming amount of access to your computer.
“After completing registration, the user is asked to install a backdoor on to their system for the purpose of manipulating their Facebook account to purchase ads,” he said. “The Chrome extension is installed in such a way that it continues running in the background even when the browser is closed as long as the computer is on.”
At least one account rental scheme was even more dangerous, according to information posted on Reddit. In 2015, The site rentyouraccount.com was paying people to connect a small Raspberry Pi computer to their internet router in addition to handing over their Facebook account login. One person who said they analyzed what the Pi was doing found it was buying ads on Facebook as well as connecting to a botnet. A thread on Reddit from just three months ago, and which featured photo evidence of a Raspberry Pi attached to a router, shows that this version of the scheme is still active.
In spite of the risks, the websites for these schemes go out of their way to assure people that it’s not a scam or security risk and that it does not violate Facebook’s policies — none of which is true.
Many of the sites also offer a referral fee to users who recruit other people to rent their accounts. This way an ad mule can still earn money even after they lose their account. Partially as a result of the referral programs, there are people promoting account rental services on websites, YouTube, Twitter, and elsewhere.
At least some of the ad launderers who control rented accounts also rent or sell them to others for a fee. One launderer who goes by the name “Slickdealsposter” told BuzzFeed News in a Skype chat that he charges 5% of the amount being spent on ads, or $15 per day to rent one of his accounts. On one message board thread, a different ad launderer said they would sell five rented accounts for $3,199. They also cautioned people against running ads for male enhancement products, as they are likely to get an account banned.
“We recommend not [to] promote male enhancement ads because the category is of high risk,” they wrote, noting that they’d been able to maintain one rental account for eight months “and it is still live for casino ads!”