Scammers (Attempt to) Leverage Scale
Why did you do it Homer?!
I don’t have to tell you what kind of heart wrenching disaster Hurricane Harvey was. It was bad; you know it, I know it, and unfortunately scammers know it.
Before I go any further, maybe we can try to turn this crap into a positive. Borrowing from my friend Rae Hoffman let’s try to #bethegood here. She and her husband Sean are handling local donations in the Houston area, are helping first responders / Cajun Navy, and organizing cleanups as I write this. If you haven’t given anything and want to, read her post.
Here’s why I’m writing about it though. On Sept 3rd we had a brand sign up at 1:27am Arizona time. Now, I’ll admit it, I was sleeping a bit…ok, I was sleeping hard. It’s a 3-day weekend, I had a productive QA session with Eric Kaufman earlier in day on the next version of Intellifluence coming out soon, and I ended the evening with a dip in the pool. I was out like a bear in winter.
After awaking and going through emails/slack messages I came across something from Shawn Schultze asking on whether something was a scam, because it smelled fishy. Or rather, phishy.
Totally not the American Red Cross
Intellifluence is large enough to be targeted by drive by scammers looking to make a quick buck. Oh goodie.
The details of the scam are as following:
Thanks again for the quick eye Shawn Schultze
- The individual, whom I’ll just call Homer, was masquerading as Google.
- I’m not giving the person any more attention, but let’s just say the real site is Something.Google.com and he/she did somethinggoogle.shop then somethinggoogle.shopping etc.
- Homer offers to donate 100% of all proceeds on purchases to American Red Cross to support victims of Harvey.
- Homer asked medium and high audience sized influencers to share in exchange for receiving a Pixel phone and other Google products.
- Homer takes the money and runs, never shipping product he/she never had…because again, Homer isn’t Google.
- Homer got a lot of shares tugging on the emotional heart strings of good people. Influencer marketing works exceptionally well, so it was not an insignificant amount of sharing that took place over 4–5 hours on an early Sunday morning.
Obviously, when we were made aware we immediately banned this individual; they tried to sign up again under another fictitious name / credit card…banned again, try again and again, blocked and blocked. I assume the cat and mouse game may continue until they learn that Intellifluence is not ever going to be okay with this.
That’s not enough though; if you want to stop a scammer, you have to disrupt the flow of profits. I’ve written and presented on some pretty dark methods on how to do that, but unlike the scammer I am staying within the bounds of the law. If you’re an entrepreneur dealing with a similar situation in the future, here’s what I did after the banning parade.
Step 1 — Registrar. If the domain isn’t up, you can stop the baddies. I contacted Namecheap abuse…no replies yet, but this was a smart attack, using a disaster and a 3-day weekend.
Step 2 — Host. Yep, though I’m not going to list this. No replies, but again, didn’t expect one yet.
Step 3 — Shopify. Looking at the source it was clear they were piggybacking on Shopify for payment fulfillment, so some quick messages to their support team to chop the scam down. To their credit, Shopify was the fastest to recognize this was a problem and jumped on it.
Step 4 — Google. I hate dealing with Google, I really do. Nevertheless I jumped through a lot of hoops and got a message presumably to the Alphabet legal / trademark team (they won’t care about the scam itself, but will care about the trademark violation which might cause harm…more on this later).
Step 5 — Red Cross. I was disappointed because the Red Cross abuse process is a bit weird; they try to pawn you off on 3rd parties and a governmental body. The leo.gov domain they provide doesn’t even resolve. Not a great feeling, and another reason to just let Rae handle your donation.
Step 6 — I reached out to as many influencers that posted about this as I could, in hopes to cutting the scam short. The scammers will go elsewhere I’m sure, but I don’t want my community or their audiences harmed by it.
There may be more steps to come depending on whether the individual keeps trying to sign up and scam my community (that won’t end well for them), but it got me to thinking that this is going to get a lot, lot worse.
AMP & Mobile Scams Are Next
First off, this is AMP. Mobile refers to mobile commerce; doing things from your phone. You can think of AMP as a doorway page to your regular website hosted on Google with the intent of making the experience faster for your users. If you want to learn a ridiculous amount more about AMP, talk to Cindy Krum and Emily Grossman — they’re the experts on how to legitimately use it.
Illegitimate is what catches my attention though; with AMP the URLs get rewritten and what might look like Intellifluence could end up being hosted on Google.com in a way that makes it difficult to differentiate real and not real. Think of it as the parody accounts on Twitter and how being clever with character set a large number of people can be fooled into following the wrong person. It’s like that, except with your money and your health at stake. Google “should” be taking a more cautious stance considering they have used the desire to protect against such harm in the past when attacking affiliate sites, but I’m concerned…I’m concerned because on bucket tests of mobile and desktop searches the URL sometimes isn’t even displayed, so it isn’t readily obvious to a user which site they are actually navigating to. Without a URL being shown, the scam I wrote about today would not be easy to see unless you viewed the source code. There will be more scams because of this; 100x as many and I wouldn’t be shocked.
And that’s where we’re at folks. Have you ever had to deal with a similar situation in running your platform or business? How did you handle it? Leave a comment below or tweet us at @Intellifluence.