Amazon token scam shows why you can’t trust Facebook’s AI

It’s been four months since Facebook first started showing ads for the “Amazon Token” cryptocurrency scam. New pages and ads continue to pop up on Facebook and eventually get yanked. It’s an easy enough pattern to spot. So why can’t Facebook block them before they go live?

First, facts. The Amazon Token advertised on Facebook is a fake. It is a scam — lots of people have lost their money. You are not getting a token authorized by Amazon — whatever you are getting, if anything, it has nothing to do with Amazon. This is criminal activity authorized by Facebook ads.

I first posted about this on August 27. My post currently is in the third position on a Google search for “Amazon Token.” As a result, that post about the scam has gotten 76,000 visits so far, making it my most popular post of the year.

Scammers are getting smarter. Facebook isn’t.

Soon after the first Amazon Token ad and page appeared on Facebook, it disappeared again. Presumably, people reported it and Facebook determined it was a fake. The Web pages that those posts linked to were all subdomains of sketchy non-Amazon pages like “orders-presale.finance”. Those pages also disappeared shortly after they appeared, probably because the Web hosts or domain registrars realized that the sites were being used for scams.

Scammers are like a virus. They keep mutating; some variants die, but others survive and multiply. The scammers behind the Amazon Token fraud — or others copying them — must have kept trying. While I only saw a few of the ads on my feed, the traffic to my blog post about Amazon Token continued, even though the original pages and ads had been taken down. The logical conclusion is that lots of people were seeing other Amazon Token ads and pages and wondering if they were legit.

The latest version appears to be lasting a little longer. This time the page doing the advertising mimics a page from The Guardian newspaper, a major, legitimate news source in the UK.

When you click through, you see a fake site for The Guardian at the domain theguardian.dailynews.financial.

Whether you click on this or not, it then takes you to amazon.icosale.io, which is a site that pretends to sell you Amazon-branded cryptocurrency. It’s fake. For example, the photos of the development team on the site include this guy . . .

Photo of a man looking into the camera and smiling happily

. . . who appears to be a stock photo on several sites. The most highly ranked of those sites is (you cannot make this up) an Amazon page for the prolific author Daniel Blue, who publishes many fantasy books of gay porn about very fat men. That’s an Amazon connection, but has nothing to do with crypto.

One more thing. Jeff Bezos is no longer CEO of Amazon; he’s now executive chairman. So why is his picture on all these sites? Because he’s far more recognizable to scam victims than the current CEO, Andy Jassy.

A well-constructed AI could spot this

First off, Facebook is capable of reading words in graphics. Having already taken down dozens of Amazon Token pages, should they be able to block any new ones that go up? If the last 20 were fake, the next one almost certainly is. An AI could spot them easily.

Second, Facebook has a “real names” policy for individuals. But it has no problem hosting an obviously fake page for “The Guardian,” which I’m certain was not opened with a Guardian email address. How hard is it to identify fake pages that masquerade as sites for legitimate news sources that already have real pages? This sort of sleight of hand has been going on for years, but Facebook still can’t stop it.

Finally, let’s take a look at the Web pages that these posts and ads link to. Dailynews.financial is a domain registered at “Porkbun.” So is icosale.io. (Don’t get confused by the subdomains “theguardian” and “amazon,” respectively, at the front of these URLs — the only thing that matters for domain registration is the words before and after the final dot.) Apparently Porkbun is more open to hosting scams than other registrars. A site on one of these URLs is a candidate for being a scam — but Facebook apparently doesn’t take that into account.

Facebook doesn’t give a damn

Are scams like this and the constant stream of friend requests from catfish chicks and silver foxes a problem?

They’re a problem for Facebook’s users. But they’re not a problem for Facebook or its parent company, Meta.

Meta is focused on creating a new virtual world to control. So why spend money or expend AI resources on stopping spams and catfishing? They don’t impact the bottom line.

Facebook is a menace. It’s time to crush it. Nothing but threats will stop this negligence, so let’s threaten to crush Facebook.

It’s the only way to get the company’s attention.

5 responses to “Amazon token scam shows why you can’t trust Facebook’s AI

  1. Your hypotheses about Facebooks algorithms being poor could well be right, but wouldn’t you also have to know how many True Positives (post that are correctly identified as fake) it got?

    All we can see are the False Negatives (ones that are incorrectly identified as not fake) and True Negatives (post that are correctly identified as not fake – i.e. everything else)

    For example if the algorithm correctly blocked 1 scam post, but let 10 scams get posted – then it would be terrible. If it blocked 100 million scams and posted 10 – then it’s very effective.

    I’m not trying to defend Facebook in particular, but I think it is worth thinking about how these systems work if we are to criticize them and try to improve them.

    1. These are worthwhile questions to ask — you are right in your broad perspective on this analysis.

      What I can tell you, though, is that to my eye, all the Amazon Token scam posts are nearly identical. And I do know that they took down the first few after people complained. If the first few were identifiable as scams, shouldn’t it be able to identify the others that are almost identical?

      Regarding the catfish chicks, I can virtually describe the algorithm myself. Woman, single, no posts except selfies, and a post inviting people to a group for sex or companionship. From what I know of AI, if you ran a few hundred of those through a neural network, it would easily identify the rest — as easily as you and I do. And yet, Facebook seems unable to do that.

      TL;DR — in general, your analysis is sound, but in this case, the inability to identify the easily spotted offensive content is nearly impossible to comprehend.

  2. I clicked through a Facebook ad and, despite a really good looking scam site, my BS detector started pinging. Nice writeup on this. The ad took me to amztoken dot sale with a registration page at tokensale dot global, both of which were registered just yesterday at NameCheap. Who knows how many dozens or hundreds of domains they have going. Folks, report the ads, and report the domains to the abuse email address at the domain registrar.

  3. As much as crypto holding is profitable, there are downsides such as this which makes you liable to lose all your money in a second as a result of carelessness with login details or deceptive ICOs like this. Many of us have experienced that on different platforms, not just Amazon alone.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.