Hiding in Plain Sight: Characterizing and Detecting Malicious Facebook Pages

Facebook is the world's largest Online Social Network, having more than 1 billion users. Like most other social networks, Facebook is home to various categories of hostile entities who abuse the platform by posting malicious content. In this paper, we identify and characterize Facebook pages that engage in spreading URLs pointing to malicious domains. We revisit the scope and definition of what is deemed as "malicious" in the modern day Internet, and identify 627 pages publishing untrustworthy information, misleading content, adult and child unsafe content, scams, etc. Our findings revealed that at least 8% of all malicious pages were dedicated to promote a single malicious domain. Studying the temporal posting activity of pages revealed that malicious pages were 1.4 times more active daily than benign pages. We further identified collusive behavior within a set of malicious pages spreading adult and pornographic content. Finally, we attempted to automate the process of detecting malicious Facebook pages by training multiple supervised learning algorithms on our dataset. Artificial neural networks trained on a fixed sized bag-of-words performed the best and achieved an accuracy of 84.13%.