The suits, filed in U.S. district courts in Santa Clara, Calif., and Seattle, respectively, contend that the defendants operated an advertising network that misled users into clicking on links that they thought would deliver certain types of content, such as videos or surveys, but instead installed malware on their systems and stole private information. The suits also claim that Adscend was aware and encouraged its affiliates to engage in this activity.
The Washington suit also alleges that the activity violates the state's Commercial Electronic Mail Act (CEMA) because Adscend aided its affiliates.
The complaints named Jeremy Bash and Fehzan Ali, as well as Adscend Media, as defendants. In a post on the Adscend Media website, the company called the allegations “absolutely and unequivocally false.” But the company pledged to stop working with any affiliates that may have been involved.
In its complaint, the Washington attorney general's office included a series of screen shots that demonstrated the alleged infractions, starting with a Facebook post that attempts to lure users to click on a link to see an erotic video. Clicking takes the user to a non-Facebook page where they are asked to click a “Like” icon. A picture of a woman from the shoulders up is at the bottom of the page.
This page takes the user to a fake age-verification page, which contains what the complaint described as a “content-locking widget” that would activate the Facebook Share button, which then posts the malware to all of the user's friends' pages. Rather than directing the user who “confirmed” their age to the video content, they are then directed to other “bait” pages that continues to steal personal information, the suit alleges. In addition, the suit said the Adscend affiliates were paid each time the user took one of the surveys on the bait pages.
The complaint alleges violations of the CAN-SPAM Act and seeks court orders blocking Adscend from accessing Facebook and targeting users. Neither suit asks for specific damages, although both ask that damages for the CAN-SPAM Act be tripled. The state also is asking for damages of $2,000 per violation of CEMA.
Users can protect themselves from alleged scams such as this.
There are browser add-ons, such as the no-script plug-in for Firefox, that will alert a user of scripts that are loaded from external pages, Marcel van den Berg of Team Cymru, a nonprofit that specializes in internet security.
There, however, are no scripts that can stop a user from entering their personal details in a form as a result of social engineering, he said.