Protect Yourself From Online Scammers, Swindlers, and Slanderers






There’s been a lot of talk about the FTC and various other
government agencies clamping down on deceptive advertising
online. The main focus seems to be on the new rules regarding
testimonials, which we covered a few issues back, and the need
for proper disclosure by various people acting as paid
“reviewers.”

Those topics are important, certainly. There are others that
don’t get talked about as much, but which are just as
potentially troublesome. They deal more with making good
decisions and protecting your reputation than with making
sales.

Unless you’ve been at this game a long time, you might be
surprised at the traps that are waiting for you out there.
Especially if you somehow become a “target” for one of the
Internet’s lower life forms.

At the end of the article, I point out how many of these
potential problems can be made worse if you ignore the early
recommendations.

Let’s take a look at some of the pits you can fall into,
starting with one many of us see every day…

“Give a Man a Phish…”

=====================

A phish is a mix of (usually simple) technology and social
engineering to get you to reveal information that can be used
to steal your identity or gain access to an online account.

The usual way you get these is via an email alleging to be from
some well-known company with which you may have an account. It
may claim that there have been problems which require that you
log in and correct information. Or it can tell you about
charges you didn’t make for products being sent to someone
else’s address. The one thing they all have in common is that
they involve you clicking on a link and logging into a site.

Once you do that, they’ve got you. They have the user
information and password they need to do whatever they want
with your account.

Not the best way to start a day.

….

Quick… What domain does this URL link to?

http://www.example.com.doLogin.custsrv.info?update.me

What did you say?

If you said example.com, you flunked. The phisher is in ur
account, eating all ur moniez.

The actual domain in that one is custsrv.info

Now, how about this one?

http://www.example-svc.com/doLogin.custsrv.info

If you said example-svc.com, you’re right. But what if it said
paypal-svc.com instead? Would you consider that safe? If so,
you lose again.

Sluuurp.

….

If you read email in HTML format, you may even see the real
company’s URL in the visible text, and not notice that the
underlying link actually leads to a different site altogether.

If you get emails claiming to be from Paypal, eBay, Amazon,
your bank, Google or Yahoo’s pay per click systems, or pretty
much any other system where you have money in an account or a
credit card associated with it, do not click on links in those
emails.

Log-in by typing in the URL you know works, not the one in the
email. For example, you’d log into Paypal by typing in
https://www.paypal.com, not any other URL.

If the email talks about security problems, you can usually
ignore it. If you’re not sure, grab an account statement that
you got from them via postal mail, and call the number in that
statement.

This subject is way too extensive to cover properly in this
newsletter and get anything else done. I recommend that you
Google the word ‘phish’ and do some reading on the subject.

Don’t get hooked.

“In My (mumble) Opinion”

======================

The practice of posting positive reviews of a product by fake
customers is as old as electronic communication. Before that,
we had shills at auctions and carnivals, and in pretty much
every other kind of sales process.

A while back, I pointed to this Dilbert comic in a discussion
of ways that people abused forums:

http://www.dilbert.com/fast/2009-02-01/

Maria Lasilla sent me a link (thank you!) to a less humorous
article in the New York Times, which mentions a cosmetic
surgery firm that settled a case with the state of New York for
$300,000 for doing just that: Getting employees to post fake
reviews.

You can read about that one here:

http://nytimes.com/2009/07/15/technology/internet/15lift.html

Fun stuff, eh?

….

The games don’t stop at posting glowing fiction. It’s not
uncommon to see hatchet jobs done on perfectly good companies
by their competition.

Along with this, some of the so-called “scam reporting” sites
have been accused of even sleazier tactics. One is alleged to
have posted and/or solicited lies about various companies and
charged the companies for removal or rebuttal of the fraudulent
claims.

To get an idea of how bad this can get, check out the comments
about RipOffReport.com at http://www.reportsripoff.com

No matter which one you believe, one of those two sites (at
least) is engaged in a pretty involved scam.

On the flip side, there are some useful sites that can help
you, and which are solid and fact-based. They tend not to
accept random accusations from anonymous reporters, though.

One really good place to learn about online scams is run by a
couple of old friends, Jim and Audri Lanford, at…

http://scambusters.org

Who ya gonna call?

….

To add further to the confusion, it’s become quite common for
people in this business to recommend creating “review sites,”
and suggesting that the site creator choose high-converting
products to recommend.

Some of the people suggesting this will be careful to tell you
to only review honestly. Others outright endorse saying
whatever is needed to sell the product being reviewed,
regardless of the quality of the thing.

Consider the context and the reviewer before putting too much
faith in their comments. Too many of these sites exist for the
sole purpose of making the sale, with no concern about the
value the customer gets afterward.

….

Then there are the “flogs.” Faux blogs, purporting to tell the
story of how someone used one or another product and got
amazing results. They very frequently use IP-locating scripts,
which let them insert the name of your town, or one near it, as
the home of the alleged blogger.

A common tip that you’re looking at a flog is a sequence of
positive comments or hopeful questions, ending with the
statement that further comments have been disabled due to
spamming.

….

A variant on this is the piece that’s designed to look like a
news report about a product, often using the same “your town”
trick. It will say, “As seen on” and name a number of credible
news sources. It will go on to extol the virtues of the
product, in a format that sounds somewhat like a folksy “human
interest” story.

Ask yourself: How often does your newspaper do a story like
that and start it off with “As seen on AOL, CNN, the New York
Times,” etc?

As the gecko would say, “Come on, people.”

If it looks like an ad, assume it’s an ad.

“In His Opinion”

==============

One of my favorite targets for scorn is the site with fake
testimonials. These are so common that, unless you can verify
the testimonials yourself, you should just ignore them.

Yes, that probably sounds like strange advice, coming from a
copywriter. Still, it’s probably safer than believing them.
Even if they’re true, they probably don’t have much to do with
your situation.

I’d also recommend disregarding any and all screen shots
alleging to show proof of income. Way too many are faked. It’s
really easy to do.

Even if they are real, and many are, they’re irrelevant. You
don’t know all the factors that went into making whatever
amounts are shown.

As the old saying goes, “Your mileage may vary.”

“Clean Out Your Sock Drawer”

==========================

Chuckie was evil, but he had nothing on sock puppets.

A “sock puppet,” in Internet terms, is a user account created
for purposes of deception, most often in a discussion forum or
chat room.

They are commonly seen adding to the illusion of support for
the controller’s position in a discussion, bashing or praising
a person or product, or to provide cover for what amounts to an
anonymous complaint or attack.

They can also be used to start a conversation, allowing the
controller to step in and steer it in the direction they
wanted, without looking like they’re responsible.

In the time I’ve been moderating electronic forums, I’ve seen a
lot of these critters. They’re getting sneakier now, to avoid
the ability of most forum software to track the IP addresses of
posters. That’s given rise to a different kind of sock puppet,
called the “ghost poster.” This is someone who is paid to post
according to instructions from the controller.

These can be positive presences in a group, but that’s very
rare. In virtually every case I’ve seen, they’re hired to
create the illusion of an independent presence, to be later
used for profit or abuse through deception.

Here’s a little more humor on the subject, from one of my
favorite web comics.

http://ars.userfriendly.org/cartoons/?id=20070729

Xandros, indeed!

….

Sock puppets are, for the most part, only a problem if you
believe them. The simple solution is to discount any claims
that seem a bit too convenient, unless you know the person
making the claims.

And remember: The number of people who agree with a position
has very little to do with whether or not that position is
correct.

“Socially Inept”

==============

For a lot of people, social networking sites don’t really seem
to make much sense. Older surfers (anyone over 40) tend to
think of MySpace, and dismiss them all as places for teenagers
to chat mindlessly and indulge their exhibitionist tendencies.

The whole social media thing just doesn’t seem to offer
anything but another way to spend precious time.

Even if you believe that, there are good reasons to create
profiles on them. I’m not going to get into using them to make
money or find prospects in this issue. There are plenty of
other people ready to explain that to you.

The one overriding reason to create a profile, even if you
never plan to use it, is simple: To keep someone else from
pretending to be you on those sites.

The simplest reason someone might use your name or company name
on a social networking site is to get traffic from folks
looking for you. This would most often be your competition.

Another potential problem could come from someone creating a
profile in your name and using it to do things that would
damage you or your reputation. An irate customer, an angry ex,
or even just some random nitwit who thinks it’s fun to screw
with people, is all it takes.

You don’t need to try and cover every possible spelling or
common term someone might use to search for you. Your personal
name or your business name (depending on the site) should be
enough. If your personal name is common, like mine is, just
make sure you have a profile on each of the major sites in some
variation of it, and include your URL in the profile.

As long as you have a presence, you can easily answer people
who ask about others that sound like you.

I recommend having profiles on Twitter, Facebook, MySpace and
LinkedIn. There are dozens of others, but these are the big
ones.

“Master of Someone Else’s Domain”

===============================

This one should be a no-brainer, but a surprising number of
people miss it:

Register the .com version of your business name,
if it’s not already taken.

I don’t care if you currently have no plans at all of ever
doing anything online. The opportunities for people to mess
with your business by grabbing the domain are too big to leave
out there to save a few bucks a year.

If it’s taken by a business with the same name in another town,
you can skip this. Or, get something that includes the name and
the town, like, “FredsBank-NY.com.”

I would also recommend grabbing a generic form, along the lines
of “profession-town” or “town-profession.” For example,
“SanDiegoRealEstate.com” or “PlumberInPawtucket.com.”

Just don’t grab one that’s the same as the name of another
local business, even if it’s generic. While that may be
tempting, it can also create problems you don’t want.

It’s also sleazy, for those who care about such things.

“The Poisoned Pen”

================

Here’s where things get weird, and where you see why it’s a
good idea to do some of the things I mentioned earlier, even if
you have no plans to do anything online or to get actively
involved on the social networking sites.

A while back, someone posted a “press release” on one of the
free press release sites, accusing me of being involved in
scamming people. The thing was very poorly written, and was
made sillier in that it named as one of my “victims” a person
with whom I am known to get along very well.

It mentioned the Warrior Forum, so I just went there and
posted a link to it, with a simple comment that it was lame.

Why would I advertise a page that accused me of criminal
activity?

Hang on. We’ll get to that.

….

Remember a while back when a Google search for the phrase
“miserable failure” would show George W. Bush’s official White
House bio page as the top link?

That was a simple thing to arrange. All it took was for a lot
of people to link to that page, using “miserable failure” as
the anchor (clickable) text. It wasn’t hard to get a lot of
bloggers to join in, and that makes it fairly quick. Search
engines, especially Google, give a lot of weight to links from
regularly updated and popular blogs.

Manipulating search results with a co-ordinated effort and
large numbers of links that way is called “Google bombing.”

When you’re talking about relatively uncommon search terms, it
doesn’t take much to rank high for them. Sometimes as little as
one or two well-placed links with the right anchor text will do
it.

In short, it’s not hard to poison the search engine results for
most local or specialized terms.

….

Let’s see how some of the other stuff plays into the potential
for this.

If someone grabs the domain version of your business name, it’s
pretty much a done deal. They can rank your name in combination
with almost any terms they want, and say whatever they like on
the resulting page.

If they don’t have the domain name, they can easily put up a
page on a free blog, social networking system or other site and
link to that. A few posts in the right kinds of discussion
forums, a link on a blog or two, and you’re “branded.”

Keep in mind that it’s not necessary that they have the number
one position on the search engine if they can grab attention
with a sensational title in positions 2 through 5.

It isn’t really even necessary that a trouble-maker understand
what they’re doing in order for them to create serious problems
for you this way. Just that they use the same link text a few
times, pointing to their gripe page.

The problem there is that nutcases, like politicians, tend to
say the same thing, in the same way, over and over and over
again.

Ain’t that fun?

….

If you participate in forums, you need to understand something
about sock puppets: As they become more experienced, they learn
a few tricks. And they get nasty when they’re exposed. That’s
what prompted the idiot I mentioned earlier to post the fake
press release about me.

If you don’t know how to handle them and their tricks, you’re
better off leaving them to people who’ve dealt with their type
before. The lone twit isn’t usually much of a concern, but some
of these folks act in groups.

For example, there are a few people from one IM forum who seem
to derive a great deal of satisfaction by wasting time creating
trouble for various members of the Warriors. This kind of
linking trick is one of their favorites. And, with a bunch of
experienced online marketers involved, that can be very
effective, very quickly.

One of their idle pastimes is to link a “target” to the kind of
videos that most businesses don’t want associated with their
names…

These guys need hobbies.

….

This is another area where social networking profiles are
useful. They fill spaces on the search engine results pages
(SERPs) when someone looks for you online. That helps to keep
casual complaints or stupid comments in discussion boards and
blogs from being the first thing someone sees if they go
looking for you in a search engine.

It won’t stop a determined Google bombing, but profiles from
these sites get decent rankings, and can make even that a bit
harder.

Being listed in the social networking sites I mentioned also
shows that you are at least aware of new media, which says
something positive to a lot of consumers.

While you’re at it, go to http://local.google.com and get your
business listed with them. It’s free, doesn’t take long, and
helps when people go looking for someone in your area and line
of business. And those results show _above_ the regular
listings.

That stuff shouldn’t take a whole afternoon to get done. It can
save you significant hassles, along with possibly increasing
your sales and building a more extensive network of contacts.

Do it this weekend, if you haven’t already.

….

Now back to why I actively pointed people to the fake “press
release” accusing me of various unsavory things.

I know the guy was trying to link my name to that stuff in the
search engines. He wasn’t going to be able to rank for it with
just that posting, as there are a ton of links to me and some
other guys with the same first and last names. So, that part
was a non-issue.

The effort itself was useful as an example for showing people
some important things. First, making them aware of this kind of
“attack,” and what it could do. Along with that is the idea
that you should not freak out or get defensive when some random
nutball starts foaming at the keyboard.

Remember: Breathing is Good.

The title of the thread was “Look, Ma… I’m a scammer!” Other
than including the link, my only comment in the first post was,
“This would be funny if it wasn’t so lame.”

It really was lame, by the way. The guy’s spelling and grammar
are atrocious (yet he claims to be a professional writer.) He
lost track of who he was accusing at one point. And he quoted
someone I’m known to like and respect as a “victim” of my
alleged fraud.

One thing you’ll notice about these types of people, should you
have occasion to have to deal with them: They’re usually not
all that bright.

Anyway…

The big lesson in that example comes from the fact that I am
already a known quantity in the group where all this happened.
Yes, some people posted that the accusations might be true.
They were new to the group, and were immediately told by the
folks who’ve been there a while that it was just someone who
was torqued at me over what he sees as forum politics.

Because I was already known to them, I didn’t need to defend or
explain myself. That left me free to make the points I wanted
to make about that kind of prank, without needing to get
distracted with the silliness of the thing.

That lowered the chances of someone doing the same thing to
another member of the group. The guy who posted that particular
one got no joy from it, certainly, so he’s likely to try
something else next time around. (He’ll be back. He’s petty,
obsessive and has no life. He can’t control it.)

It was a fairly heavily viewed thread, with many of the more
active members participating. Some people with less than honest
motives will see that the tactic can backfire in a big way, and
avoid it. The active members will know better how to deal with
similar things in the future.

These are the kinds of advantages you can build for yourself by
developing a reputation in your market before you need it.

A good reputation will do more than help you make sales or find
people to work with. It is the best way to protect you and your
business from the digital roaches that wander the web.

This may not seem like it would matter if you don’t plan to do
business online. That would be a dangerous assumption if your
customers, prospects and business associates use the Internet.

If you have an online business presence, this is something to
be very aware of. You can keep an eye out for people talking
about you, your business or your products by setting up a few
automatic searches at http://www.google.com/alerts

One trick I’ve found handy is to test the search terms you use
for your alerts in the main Google search box first. That way
you can see which ones bring up the most relevant results,
which will keep you from getting a ton of useless notices that
take up a lot of time.

Then just let it run. Let Google do the work. If they find
anything that fits, they’ll email you.

Sometimes automation really is a good thing.

….

Enough for the moment. Take a few minutes this weekend and
create those profiles. You may also want to do some vanity
surfing (type your name or company name into a search engine)
to see if there’s anything being said about you that you should
know.

….

Back to the blatant commercialism for a moment…

One really good way to develop a reputation in your market is
to sell them stuff that helps them get more of what they want.
And that’s time spent that makes you money, rather than costing
it. Grab a copy of my latest manual to see just how easy that
is to do…

http://talkbiz.com/r/empires.php?page=1

Paul Myers is the editor of Talkbiz, where this article first appeared. Subscribe (and get his powerful 112-page Internet success e-book) at http://talkbiz.com