One Question Quiz

MediaApril 17, 2018

I got Instagram hacked by the fake Ray-Ban ads, and I’m mad as hell


Ads hawking bogus Ray-Ban sunglasses are springing up all over Instagram feeds. But where do they come from and who is to blame? Don Rowe, who found despite a spotless online record he’d been spamming the bloody things himself, launches an investigation.

Like scoffing at some sucker with a cracked phone screen, there’s a certain perverse pleasure in knowing that you, incredible intellect that you are, would never be caught out by some dumb Facebook scam. “No friend of mine shall be tagged in a fake ad! My social presence is sacrosanct!” Until it’s not, and you are scammed, and and you end up looking really dumb.

The ads, posted by individual user accounts up to four times in a row without warning, consist of a bad graphic offering Ray-Bans at 90% discounts in any currency from pound to euro to the New Zealand dollar. Various URLs are provided for keen shoppers, but the sites are uniform in their amateur design, error-ridden copy and total lack of affiliation with the actual Ray-Ban site hosted in the US.

“We are professional online company in the world,” they trumpet. “Our designer items are hand picked to match every uptown ladies’ latest desires all at discounted prices.

“This is a perfect place for perfect products. It would be an honor for our professional team to provide satisfied services for you.”

Though the websites are identical right down to the typos, they are registered to various cities in Eastern China. Seems legit.

The user’s friend list are tagged in the comment section, and posts from public-facing profiles quickly receive likes from bot accounts presumably controlled by the same company responsible for the ads. It’s embarrassing, it’s shameful as, but is it dangerous?

Who is responsible for such humiliation? And how, I wanted to know, can I wreak vengeance?

Cognisant of Instagram owner Facebook’s apparent impunity to everything, I set out with low hopes.

My first inquiries were to Instagram, the algorithm God itself. Were they aware of the scam, I asked. What is causing accounts to post fraudulent advertisements? Have users inadvertently given permission to third-parties? How can users rescind these permissions if so? What is Instagram doing to remove the vulnerabilities that made this possible? Has Instagram identified the body responsible for exploiting user accounts, and what action will be taken?

Instagram replied! Except they didn’t answer any of the questions. Instead they sent me their community standards and some platitudes around always striving to improve user experience.

I tried the privacy commissioner. Users are advised to report the issue and change their password, was the response, but you know all of that already.

There isn’t a lot of information online regarding the current batch of advertisements. They’re not, however, the first of their kind. Facebook, the mothership platform itself, was affected by a very similar “Ray-Ban” scam in 2017, 2016, 2015 and we can only assume all the way back to the dawn of time.

Alongside fake Ray-Bans, users on Facebook and Instagram have been exposed to ads offering cheap Yeezy’s, Rolex watches and Luis Vuitton bags, among other luxury goods, for at least half a decade. The legality and liability of the concerned parties is unclear.

In a 2010 US legal case, Tiffany Inc. v. eBay, Inc., eBay successfully argued it was not liable for counterfeit Tiffany products being sold on its platform. Though eBay had purchased Google adspace promoting the fake products, as the company doesn’t take possession of goods, nor does it directly sell goods, the case was not a direct trademark infringement, but a contributory trademark infringement. The court again ruled eBay was not liable, as the trademark right holder has the responsibility to police for infringement, not a middle man or on-seller. While French courts disagreed with the Second Circuit decision, the case set a precedent in US law for online retailers.

How that applies to platforms like Instagram who don’t facilitate the sale of counterfeit goods, instead advertising them, is another question.

There are more serious concerns than someone getting Ray-Bali’s instead of Ray-Ban’s for their $20, or just looking like a dick online, however. The content of the spam posts is irrelevant in comparison to the fact they exist in the first place – if a third party is able to masquerade as a user at-will, products (and opinions) much more nefarious than sunglasses can enter a network essentially endorsed by the user in question. While it’s all good and well to argue common sense and skepticism, the fact remains we implicitly trust the word of our friends and contacts over that of a third party, and thus our guard is down and the posts have greater penetration. It’s tinfoil hat stuff, but say they opted to post not an ad for cheap glasses, but criminal content with the potential for real lasting harm to a users reputation.

Further, as Instagram refuses to answer my questions regarding the scam, it remains unclear how a third party was able to post on my behalf in the first place, nor what anyone can do about it. Considering they obviously have at least partial access to my account, what else does the nameless retailer have access to? How vulnerable is my information? Are they reading my messages, harvesting my contacts, using my account as a conduit to infect others?

Nobody knows, and nobody’s talking. It may be the only sensible course of action is to delete anything and everything created by Facebook Inc. On the other hand, a 90% discount! Where do I click?

The Bulletin is The Spinoff’s acclaimed, free daily curated digest of all the most important stories from around New Zealand delivered directly to your inbox each morning.

Sign up now

Keep going!