One of my clients called me on Friday and told me he was getting calls and emails from complete strangers around the country asking where their free product was. I initially thought his site may have been hacked, but a quick Google search uncovered a pretty big scam that's been going on for a while. Someone somewhere used his business information and created a Facebook Place page making an offer of a free item in exchange for a like.
The product photo was initially hosted on Dropbox, and a Google search for that Dropbox directory uncovered an additional six pages, plus an additional page that just went up today. I'm going to list the pages I uncovered with the locations and type of businesses, but I'm not going to identify them, because the businesses are victims here.
A fake page for a New Jersey pizza parlor offering a free apron
A fake page for the same New Jersey pizza parlor offering a free oven mitt
A fake page for the same New Jersey pizza parlor offering a free pizza cutter (This poor pizza restaurant has over 70,000 likes now from people sharing this offer without verifying it!)
A fake page for a Pennsylvania caterer offering a free olive oil sprayer (Over 2,000 likes)
A fake page for a Virginia massage therapist offering a free head massager (Almost 5,000 likes)
A fake page for a Texas aloe vera company offering a free aloe vera sample (Over 57,000 likes)
A fake page for a California cosmetics company offering free makeup brushes (Over 58,000 likes)
NEW! A fake page for a California company offering a free beach bag (Only 678 likes so far, but just started today)
I contacted Dropbox and they immediately suspended the account when I sent them links to all the fake pages. Saturday morning, all of the product images were moved to the same account on Cloudfront, which is an Amazon web services company. I sent a list of pages and files to Amazon web service's abuse email on Saturday and never heard a peep back. In the future, if you aren't sure about the veracity of a Facebook offer, check the URL of the procuct image on the free offer landing page and if it starts with d1sf0m8kms36pp.cloudfront.net, it is definitely a scam.
I'm not quite sure what the motivation was to set up these pages, but I would guess it's just to collect valid email addresses for spam purposes. Each of these pages uses the same script to collect contact information. When you fill out the contact form and submit it, you'll be redirected to a fake offer on an outside web site. Clicking that offer takes you back to Facebook where you are given the option of sharing the fake offer. The only other thing I could think of would be if somehow the redirected pages are loading adware or spyware or malware through your browser.
The real issue as I see it is that Facebook will allow anyone to claim to be a business and set up a business page without verifying their identity, and there's no mechanism to contact security at Facebook to let them know about these scams so they can deal with them immediately. Instead, they require the victims of these scams to verify who they are before they'll turn the pages over; in my client's case, Facebook said it would take a week for them to investigate the issue. In the meantime, this scammer is impersonating these businesses and cross-linking their scam pages (for example, the NJ pizza place links to the PA offer, and the PA offer links to the new CA beach bag offer), all the while collecting the email addresses under false pretenses.
The easiest way to spot these scams, beyond looking for the hosting of the images, checking the script of the page to see what it looks like, and actually visiting the real web site of the business to see if they say they're on Facebook, is to simply ask yourself whether it would make sense for this small local company to give out a free item to thousands of people across the country who would never actually patronize their business. For example, the Jersey pizza joint now has over 70,000 likes, meaning that they'd be spending over $100,000 to send out free pizza cutters, aprons, and oven mitts if these fake offers were true. How would that make sense for them?
Edited to add: Another scam page pointed out to me this morning is free diet pills from a nutritional supplement store in California. (Over 3000 likes)... this one has the image hosted on Cloudfront.net on a different account, which when seached, uncovers additional fake offers like a free towel from a Florida fence company and free soap from a salon in New Jersey.