Fake Reviews & The Google Play Store

Posted by on Oct 9, 2014 in Affiliate Fraud, App Stores

The Fair Credit Reporting Act ensures that Americans are granted a free credit report from Equifax, Experian and TransUnion once every twelve months. If you are fortunate enough not to encounter a scammer along the way to getting your free credit report, then you’ll most likely end up at  annualcreditreport.com Unfortunately, not everyone is so […]

AdWords Phishing #2

Posted by on Aug 11, 2014 in Malvertising, Phishing

A reader sent me an email asking me to clarify the following statement from my last post: “AdWords credentials are big bucks, more so if you phish a premium account.” Platforms the likes of AdWords are constantly under attack. It’s astonishingly simple to verify this for yourself: Head on over to google.com Search for “adwords […]

AdWords Phishing

Posted by on Aug 8, 2014 in Malvertising, Phishing

This Reddit post discusses an advertiser that is using Google’s AdWords system to phish Blockchain.info subscribers. If you’re not security/tech savvy, what this translates to is that an AdWords advertiser is tricking Google users into thinking that he/she is the face for another legitimate Web site. The idea is to steal user credentials. As an […]

Tech Support Scams – What Lies Beneath?

Posted by on May 27, 2014 in Tech Support Scam, Wire Fraud

In the Tech Support scam, a scammer hijacks a well known brand in an effort to lure a victim who is then deceived into paying for an unnecessary/non-existent service or installing malware infected payloads. This scam has been picked up by quite a few players in the last couple of years, successfully catching people left, […]

Bee Coupons = Enhanced Browsing?

Bee Coupons = Enhanced Browsing?

Posted by on Apr 23, 2014 in Ad Injectors

Search for “download skype”, “download google chrome”, “download firefox” or a myriad of other popular applications and you may find yourself unlucky enough to run into an ad injector. Now an ad injector won’t present itself as an ad injector. Typically, it will bundle itself into an installer which will opt the user into installing […]

Laundering Stolen Credit Cards

Laundering Stolen Credit Cards

Posted by on Jan 29, 2014 in Fraudster on the Roof, Money Laundering, Wire Fraud

This post is the second entry in the “Fraudster on the Roof” series. Please remember that the intention of this series is for readers to learn how to better detect fraud, not to improve how they implement it. Today we look at what it takes to launder money online, specifically through stolen credit cards. Cards […]

Measuring and Managing Online Affiliate Fraud

Affiliate programs vary dramatically in their incidence of fraud: in some merchants’ affiliate programs, rogue affiliates fill the ranks of high-earners.  Yet other similarly-sized merchants have little or no fraud.  Why the difference? In Information and Incentives in Online Affiliate Marketing, Ben Edelman and I examine the impact of varying merchant management decisions.  Some merchants […]

“babyface” compromises qbnews.cn

Posted by on Nov 18, 2013 in Affiliate Fraud, Cookie-Stuffing, Mad Monday

Qbnews.cn ranks in the top 54,000 sites world-wide. Load it up in your browser and you’ll see nothing out of the ordinary. Fire up a Web debugger and monitor the outbound traffic from your machine though, and you will see an entirely different story: affiliate fraud. This site has been compromised and the attacker (aka […]

Cellphonetech stuffing Amazon cookies with heightened concealment

We’ve recently been watching an Amazon Associates fraudster taking remarkable efforts to cover his tracks.  Like many rogue Associates we’ve looked at, he’s stuffing cookies invisibly.  He’s using Flash-based stuffing, a technique first written up last year.  But he’s several notches more sophisticated than most: The fraudster begins by buying a 125×125 IFRAME in the […]