It has recently come to my attention that an unscrupulous website is using one of my novels as bait to phish data and garner illicit revenue from unsuspecting fans!
This brings up a subject near and dear to my heart. That subject is how humanity can suck, and Sucky Humanity + Money x Anonymity + The Internet = Scammernado Central. So I decided that it might be good to have an entry detailing all the ways people on the internet can be jerks when money is involved, and how you can protect yourselves from them.
The scum of the internet rely on people being one of two things–desperate, or uninformed. If you are desperate, I cannot save you. But on the other hand, knowledge is power, so here we go!
Note: For the purpose of this entry, I will be using the term e-book. You can replace it with anything: MP3s, Programs, or Apps–and it will still be applicable.
First of all, I won’t get into antivirus software, malware monitoring programs, script limiters, or adblockers*, because if you aren’t using one already then this post won’t convince you to. Plus, these sites can still trap you by manipulating you into disabling these features, or by being designed to work around them. [Still, it doesn’t hurt to have them. I highly recommend you pick at least two.]
* = This may seem like I am going against myself, but malware can come from infected ads that even the webmaster or content provider does not realize are infecting people. You can whitelist providers you trust, or you can consider making a donation to a site you enjoy while blocking their ads. The choice ultimately lies in your hands.
General Safety Tips
- First and foremost–trust your gut! If something seems like it is too good to be true, it often is. If e-books that would normally need to be purchased are being offered for free through an unfamiliar site or service, then the cost is made up in other [usually unscrupulous] ways.
- If a website is asking you to sign up for something else in order to receive a free e-book, then it isn’t free. Only download e-books from authorized retailers!
- If you see an unfamiliar website or service offering paid content for free, look up the name of the site plus a keyword in your favorite search engine, such as going to Google and keying in the search string “notreallyfreebooks.com+scam”. Often you will find links to watchdog sites in the results–these have ratings and testimonials that can help you decide if it is legitimate or not. Best of all, you can see that info without needing to sign up for anything!
- Email the author! I probably would have never realized my book was being used as bait if not for a concerned reader pointing it out to me–an author will always be happy to point you to legitimate places where you can purchase or sample their book. Always.
- If you hover over a button or link on a website, you can usually see a preview of the url that you are sent to when you click it. If it leads anywhere off the site you are currently on, it could be an Integrated Affiliate Advertising Redirect–also known as a Forced Click. If it’s not disclosed, then this is usually a sign of shady business practices, and should send up red flags!
- If you have to click a link or button, or perform an offsite task to “unlock” or “decrypt” a file, get out of there!
Click Fraud and Affiliate Links
Affiliate links are links through which website owners send their visitors to access products and services they would normally look for. The innocent ones will reward the webmaster for sending you to a site you were going to anyway. For example, DIY blogs often include Amazon affiliate links to buy the materials needed to create a project they are detailing. If you click that link to go to Amazon, the blogger will get a small reward when you purchase the items. You can buy your materials in one convenient place, and the blog might be able to remain ad-free through that reward revenue. Everyone wins! But if you don’t want to click that link, you don’t have to in order to enjoy the post. Most places that are on the up-and-up have programs in place to make sure that someone can’t sit there and click a link over and over to artificially inflate the amount they get paid. Some people use click farming to get around it, employing people to click site links at a low wage. This is usually done in countries where labor is cheap.
However, aggressive advertisers and companies make affiliate links dangerous. They will pay well per click, but force the webpage user to sit through an ad or promotion–or even worse they may install malware on the their computer without them realizing [or authorizing] it. The webmaster then has to trick their visitor into clicking on the link, since no one is going to willingly watch an ad they can’t close or go somewhere where they might pick up a virus. A method that has popped up to get clicks is the “Free File Site”.
The site will advertise something that is not normally free, as being free through them. Once you are on the site, they will force you to click their affiliate links in order to receive the file, or a download link leading to the file. The fun thing about these sites [from a legal standpoint] is that they do not get in trouble for hosting copyrighted content, because they do not actually provide it! Once you click the download or unlock link, they are done with you. All they needed to do was trick you into providing that click.
Special Offers, Surveys, and Malware
In addition to tricking visitors into giving them money through force clicked affiliate links and ad revenue, some sites will take their deception further. They may require you to fill out a survey, apply for a free trial of a service, or “accept a special offer”. These things give the webmaster or affiliate a bonus–your information.
Information is valuable! Social Security Numbers [SSNs], bank account info, and credit card numbers are all primo bits of information. You’ve probably heard time and time again to never give these things out. But what most people don’t realize is that people who seek this data network, and even innocuous things like your name, or an email address are valuable commodities.
For example, you go to BadSite B, and they have you take a survey where they ask your name and email address. “Oh well,” you think. “What’s a few pieces of spam mail? My filters are awesome–I’ll never see it.” So you give it to them. Using that information alone, they can bring up aliases and usernames for you–they can find your social media, and glean things like your exact location, age, phone number, photos of you, and plus your current and past addresses. That is scary by itself, but if the owner of BadSite B talks to the owner of BadSite A, where you were required to apply for a credit card a few months back to obtain a “free” book, it gets worse. She has your name, definite billing address, and the last four digits of your SSN. She either buys the missing data from BadSite B, or she sells her data to him. Either way, someone is opening a new credit card in your name and going on a shopping spree! And that is just a best case scenario–with a little more data, they also have the ability to become you.
You don’t even have to willing agree to give them data, either. They can just quietly infect your computer and steal it slowly over time–passwords, login info, your search history. This is done through malware and viruses. These things are written to install silently and only need one click to get in. They hide in ads, and masquerade as files you may get access to for completing “special offers”. Once they are in, they are complicated [or impossible] to remove–if they’re even detected at all!
My brother–who for the most part, is fairly tech savvy–had a virus on his computer for six months, and never knew until I found it while trying to figure out why he was going over his data cap every month. All he knew was that he was receiving several gigabytes of overage, often to the tune of a $300 internet bill! The virus recorded every keystroke he made through screenshots that were then uploaded to a file storage server. It took a new screenshot every five to ten seconds. It was so ingrained in his system that it would restore itself after a low-level disk format and operating system re-install. He had to change all his bank cards, put a freeze on his credit, and throw out the hard drive–losing five years of programs, save files, and pictures in the process. How does he think he got it? He was looking for a serial code for an old game he owned, but had lost his legitimate serial for and went to a shady site. It’s not worth the risk.
Some especially insidious sites will use all three methods–forced clicks, mandatory “surveys” in order to unlock a file, and said “unlocked” file that turns out to be an installer for malware that gives them unlimited access to your sensitive information.
How to Spot a Malicious Site: A Checklist
If a website is offering an e-book you would normally have to buy, for free–but they require you to do something that seems digitally unsafe to obtain it, then leave. This includes the following:
- Asking you to click a link or button to “unlock” the file or download link to said file.
- Asking you to fill out or participate in offers that require you to submit sensitive data. [SSN, Home Address, Phone number, etc.]
- Directing you to a different website while browsing.
- Appearing sparse or like a generic template.
- If there is no contact information for the webmaster on the website.
- Hotlinking to cover images from legitimate sites.
- If all the comments or reviews are the same across all available files or seem to be entirely posted by anonymous people.
- If the website is taking too long to respond, or causes your web browser to ‘hang” [Stutter, or freeze entirely]. This can be a sign that an unauthorized add on, widget, or program is installing itself without your permission.
- If the website asks you to turn off or otherwise disable safety software such as running antivirus programs, malware monitoring services, firewalls, etc.
Using the information found here, hopefully you will not fall prey to these tricks. I want my readers to stay safe!
Additional Resource Links
Free Online Virus Scanners
Where to Report Bad Sites to Search Providers
Verified Safe e-book Retailers
Integrated Affiliate Advertising Redirects/Forced Clicks