How Low is Low?
Schemers bother me more than perpetrators of crimes of passion. Likely it’s the fact that they spend so much time thinking of ways to deceive and defraud others. A moment of blind fury can and should land a violent criminal in jail for a long time; but the cold calculating scam artists deserve the longest sentences in my view. Where the one loses control, the other is in complete control of their evil thoughts for years and years.
The other annoyance is the waste those schemers represent. Their elaborate devices take time, energy and talent to deploy. These folks are sharp enough and skilled enough to get a real job, but instead of building something they choose to be leeches on the backs of those who earn an honest day’s pay.
What am I railing about? Two different scams.
SCAM #1: Affiliate thief
The client prohibits affiliates from bidding on their brand name. Oftentimes, we’re prompted to look for affiliate theft because sales on our client’s trademark drops off the table for some reason. We have tools to help detect this abuse, and normally a quick scan of the destination url reveals that the traffic is really going to www.dirtbag.com or whatever after the Google redirect. But check out this scam:
The top is what our analyst spotted; it looks like traffic is being passed from Google to our redirector rkdms.com, but it isn’t! Not yet. This thief actually creates a spoofed version of our normal redirector and sends the traffic to her/his domain. Then — devilishly clever — after it’s gone through the affiliate’s site to get their credit tagged, the traffic is sent back through the real rkdms.com redirect (shown below the spoofed version) and on to the client’s site.
The net effect? RKG doesn’t see a drop in brand traffic through paid search — the user got our tracking tags. But, the affiliate still gets the commission by inserting its tag as well. We don’t see a drop so aren’t prompted to look for the theft, and a casual look at the destination urls on the trademark ads wouldn’t look out of the ordinary because of the spoof. Fortunately, our analyst had the razor sharp eye to spot the scam.
SCAM #2: SEO Link spam
RKG Blog generates many conversations with our readership, which we deeply appreciate. We also get a lot of comment Spam from both the standard spyware, malware villains and SEO companies looking to build link networks without doing the hard work necessary to do it right. Akismet has caught 190,000 of the first type, but has a bit more trouble spotting the last type.
Usually this later class of spam that makes it passed the filter is fairly easy to screen manually: “hi, love your blog, keep up the good work” type of generic message with links embedded. The more advance folks do something like: “Great post on [Title]” with dynamic insertion of either the title of the post, the author or a chunk of text from the post.
This morning, the prize winning dirt ball actually got a couple past the gatekeeper because instead of grabbing something easily identifiable, s/he grabbed a complete sentence from one of the other comments on the page so it looked like a well thought-through reaction to the post. His bad luck was that one of the comments he placed stole a snippet from one of my comments which I recognized as sounding a bit too familiar.
Clever, very clever, and evil.
Pretty clearly, the folks above have serious programming skills. They could undoubtedly get jobs with real companies doing positive work. Instead, they’ve chosen the Madoff route. I hope it leads them to the cell next to Bernie.