Hiding in Plain Sight: The Anatomy of Malicious Facebook Pages

Facebook is the world's largest Online Social Network, having more than 1 billion users. Like most other social networks, Facebook is home to various categories of hostile entities who abuse the platform by posting malicious content. In this paper, we identify and characterize Facebook pages that engage in spreading URLs pointing to malicious domains. We used the Web of Trust API to determine domain reputations of URLs published by pages, and identified 627 pages publishing untrustworthy information, misleading content, adult and child unsafe content, scams, etc. which are deemed as "Page Spam" by Facebook, and do not comply with Facebook's community standards. Our findings revealed dominant presence of politically polarized entities engaging in spreading content from untrustworthy web domains. Anger and religion were the most prominent topics in the textual content published by these pages. We found that at least 8% of all malicious pages were dedicated to promote a single malicious domain. Studying the temporal posting activity of pages revealed that malicious pages were more active than benign pages. We further identified collusive behavior within a set of malicious pages spreading adult and pornographic content. We believe our findings will enable technologists to devise efficient automated solutions to identify and curb the spread of malicious content through such pages. To the best of our knowledge, this is the first attempt in literature, focused exclusively on characterizing malicious Facebook pages.