Tagscam

Free E-Book Offers, Scammers, and You

It has recently come to my attention that an unscrupulous website is using one of my novels as bait to phish data and garner illicit revenue from unsuspecting fans!

SVU detectives can't even believe it!
I know, right? Rude.

This brings up a subject near and dear to my heart. That subject is how humanity can suck, and Sucky Humanity + Money x Anonymity + The Internet = Scammernado Central. So I decided that it might be good to have an entry detailing all the ways people on the internet can be jerks when money is involved, and how you can protect yourselves from them.

The scum of the internet rely on people being one of two things–desperate, or uninformed. If you are desperate, I cannot save you. But on the other hand, knowledge is power, so here we go!

Sailor Chibimoon knows what's up!
Knowledge looks like a cute bell. Work with me here, people.

Note: For the purpose of this entry, I will be using the term e-book. You can replace it with anything: MP3s, Programs, or Apps–and it will still be applicable.

First of all, I won’t get into antivirus software, malware monitoring programs, script limiters, or adblockers*, because if you aren’t using one already then this post won’t convince you to. Plus, these sites can still trap you by manipulating you into disabling these features, or by being designed to work around them. [Still, it doesn’t hurt to have them. I highly recommend you pick at least two.]

Powers!

* = This may seem like I am going against myself, but malware can come from infected ads that even the webmaster or content provider does not realize are infecting people. You can whitelist providers you trust, or you can consider making a donation to a site you enjoy while blocking their ads. The choice ultimately lies in your hands.

General Safety Tips

  • First and foremost–trust your gut! If something seems like it is too good to be true, it often is. If e-books that would normally need to be purchased are being offered for free through an unfamiliar site or service, then the cost is made up in other [usually unscrupulous] ways.
  • If a website is asking you to sign up for something else in order to receive a free e-book, then it isn’t free. Only download e-books from authorized retailers!
  • If you see an unfamiliar website or service offering paid content for free, look up the name of the site plus a keyword in your favorite search engine, such as going to Google and keying in the search string “notreallyfreebooks.com+scam”. Often you will find links to watchdog sites in the results–these have ratings and testimonials that can help you decide if it is legitimate or not. Best of all, you can see that info without needing to sign up for anything!
  • Email the author! I probably would have never realized my book was being used as bait if not for a concerned reader pointing it out to me–an author will always be happy to point you to legitimate places where you can purchase or sample their book. Always.
  • If you hover over a button or link on a website, you can usually see a preview of the url that you are sent to when you click it. If it leads anywhere off the site you are currently on, it could be an Integrated Affiliate Advertising Redirect–also known as a Forced Click. If it’s not disclosed, then this is usually a sign of shady business practices, and should send up red flags!
  • If you have to click a link or button, or perform an offsite task to “unlock” or “decrypt” a file, get out of there!
Lies!
Lies!

Click Fraud and Affiliate Links

Affiliate links are links through which website owners send their visitors to access products and services they would normally look for. The innocent ones will reward the webmaster for sending you to a site you were going to anyway. For example, DIY blogs often include Amazon affiliate links to buy the materials needed to create a project they are detailing. If you click that link to go to Amazon, the blogger will get a small reward when you purchase the items. You can buy your materials in one convenient place, and the blog might be able to remain ad-free through that reward revenue. Everyone wins! But if you don’t want to click that link, you don’t have to in order to enjoy the post. Most places that are on the up-and-up have programs in place to make sure that someone can’t sit there and click a link over and over to artificially inflate the amount they get paid. Some people use click farming to get around it, employing people to click site links at a low wage. This is usually done in countries where labor is cheap.

However, aggressive advertisers and companies make affiliate links dangerous. They will pay well per click, but force the webpage user to sit through an ad or promotion–or even worse they may install malware on the their computer without them realizing [or authorizing] it. The webmaster then has to trick their visitor into clicking on the link, since no one is going to willingly watch an ad they can’t close or go somewhere where they might pick up a virus. A method that has popped up to get clicks is the “Free File Site”.

The site will advertise something that is not normally free, as being free through them. Once you are on the site, they will force you to click their affiliate links in order to receive the file, or a download link leading to the file. The fun thing about these sites [from a legal standpoint] is that they do not get in trouble for hosting copyrighted content, because they do not actually provide it! Once you click the download or unlock link, they are done with you. All they needed to do was trick you into providing that click.

Archer Glitter Gun gif

Special Offers, Surveys, and Malware

In addition to tricking visitors into giving them money through force clicked affiliate links and ad revenue, some sites will take their deception further. They may require you to fill out a survey, apply for a free trial of a service, or “accept a special offer”. These things give the webmaster or affiliate a bonus–your information.

Information is valuable! Social Security Numbers [SSNs], bank account info, and credit card numbers are all primo bits of information. You’ve probably heard time and time again to never give these things out. But what most people don’t realize is that people who seek this data network, and even innocuous things like your name, or an email address are valuable commodities.

For example, you go to BadSite B, and they have you take a survey where they ask your name and email address. “Oh well,” you think. “What’s a few pieces of spam mail? My filters are awesome–I’ll never see it.” So you give it to them. Using that information alone, they can bring up aliases and usernames for you–they can find your social media, and glean things like your exact location, age, phone number, photos of you, and plus your current and past addresses. That is scary by itself, but if the owner of BadSite B talks to the owner of BadSite A, where you were required to apply for a credit card a few months back to obtain a “free” book, it gets worse. She has your name, definite billing address, and the last four digits of your SSN. She either buys the missing data from BadSite B, or she sells her data to him. Either way, someone is opening a new credit card in your name and going on a shopping spree! And that is just a best case scenario–with a little more data, they also have the ability to become you.

You don’t even have to willing agree to give them data, either. They can just quietly infect your computer and steal it slowly over time–passwords, login info, your search history. This is done through malware and viruses. These things are written to install silently and only need one click to get in. They hide in ads, and masquerade as files you may get access to for completing “special offers”. Once they are in, they are complicated [or impossible] to remove–if they’re even detected at all!

My brother–who for the most part, is fairly tech savvy–had a virus on his computer for six months, and never knew until I found it while trying to figure out why he was going over his data cap every month. All he knew was that he was receiving several gigabytes of overage, often to the tune of a $300 internet bill! The virus recorded every keystroke he made through screenshots that were then uploaded to a file storage server. It took a new screenshot every five to ten seconds. It was so ingrained in his system that it would restore itself after a low-level disk format and operating system re-install. He had to change all his bank cards, put a freeze on his credit, and throw out the hard drive–losing five years of programs, save files, and pictures in the process. How does he think he got it? He was looking for a serial code for an old game he owned, but had lost his legitimate serial for and went to a shady site. It’s not worth the risk.

Some especially insidious sites will use all three methods–forced clicks, mandatory “surveys” in order to unlock a file, and said “unlocked” file that turns out to be an installer for malware that gives them unlimited access to your sensitive information.

Yeaaaaaah! Checklist.
Yeaaaaaah! Checklist.

How to Spot a Malicious Site: A Checklist

If a website is offering an e-book you would normally have to buy, for free–but they require you to do something that seems digitally unsafe to obtain it, then leave. This includes the following:

  • Asking you to click a link or button to “unlock” the file or download link to said file.
  • Asking you to fill out or participate in offers that require you to submit sensitive data. [SSN, Home Address, Phone number, etc.]
  • Directing you to a different website while browsing.
  • Appearing sparse or like a generic template.
  • If there is no contact information for the webmaster on the website.
  • Hotlinking to cover images from legitimate sites.
  • If all the comments or reviews are the same across all available files or seem to be entirely posted by anonymous people.
  • If the website is taking too long to respond, or causes your web browser to ‘hang” [Stutter, or freeze entirely]. This can be a sign that an unauthorized add on, widget, or program is installing itself without your permission.
  • If the website asks you to turn off or otherwise disable safety software such as running antivirus programs, malware monitoring services, firewalls, etc.

Using the information found here, hopefully you will not fall prey to these tricks. I want my readers to stay safe!

Yay!

Additional Resource Links

Watchdog Sites

Web of Trust

Scam Adviser

Spam 404

Free Online Virus Scanners

Virus Total

Where to Report Bad Sites to Search Providers

Google

Yahoo

Bing

Verified Safe e-book Retailers

Amazon

Google

Apple

Smashwords

Nook

Kobo

Further Reading

Integrated Affiliate Advertising Redirects/Forced Clicks

What is a Virus?

What is Malware?

Lolcat Rainbow Defense, Activate!
Bonus lolcat!

Grand Theft: My Intellectual Property

I know I said I was going to let my shoulder rest, but this is too important to wait on.

I was informed of a website where an unauthorized copy of my latest book, Atlantis: The Visionary Continent, Volume #2: Awakening, is being offered! I couldn’t believe it, so I had to go see for myself. When I confirmed it, I was furious. Livid. Enraged! Other synonyms for insanely pissed! The more I investigated, the angrier I became. It was being offered for free!

Me, after reading my email.

I fumed. The book has barely been out for three months! After a half-hour of spitting anger, I started getting over my shock and began to formulate a plan to deal with this. I ran a Google search, but there really isn’t anything regarding stolen e-books, except advice to not offer books as a direct download from your site. [Which I was not doing–they’re exclusive to Amazon at the time of this posting.] I found some advice regarding DMCA [Digital Millennium Copyright Act, yo.] and decided to do a Whois search on the domain, so I could figure out who to send a takedown notice to.

This turned tricky fast, due to the culprit having a ton of domains that point to other domains, which then pointed to subdomains. I was going in circles. I took a closer look at the site to see if I could find any more info. 293 downloads? Anonymous people with no avatar posting very recent and generic comments? Something didn’t smell right. The work of other authors was on the site also, so I checked some of their listings–the number of downloads varied, but the pages were identical–right down to the comments.

I clicked through to the download page. I reached the instructions, and suddenly, the situation became clear. I quickly viewed the source code of the page, and discovered that my story wasn’t being offered illegally. They didn’t have the actual book–it was being used as bait for a phishing scheme!

Now, I know the classic argument is: “If people are looking for free copies, then they weren’t going to buy your book anyway, so you’re not losing sales“. This is a valid argument, except that what is actually happening is harming public opinion of my brand itself. That is much more difficult to recover from than a sales loss!

The setup is a common one, where the site offers a file: a program, MP3, video–or in this case e-book–and leads you to a page where you can download it. EXCEPT there is a catch–before the download link becomes available, you are usually directed offsite to apply for “special offers”. These look like credit card and loan applications, or free trials to subscription services. They ask for vital info, like social security and credit card numbers, home addresses, etc. More often than not, these are elaborate phishing scams where they use a person’s willingness to get something for free to convince them to give up sensitive info. You don’t get anything except a lot of spam email, and the hassle of having to freeze your credit and apply for a new bank account. Then if you can actually download the file, it’s usually not what was advertised–often it’s a Trojan designed to infect your system so these people can get more information from you. Then they either sell the data they collect, or use it for themselves.

Since the file wasn’t actually on the original website, I had no valid DMCA claim. I went to the root of the site to see if I could glean any info, when suddenly I was on… a legitimate cloud storage site? After poking around a bit, I discovered that the root site was set to redirect to a legitimate site–even though the file is clearly not on their servers. Why would that happen…?

The site is mocked up to look like a filesharing site, but it’s owned by the same person who owns the original site I found the listing on! This is an elaborate deception–this person thought this through, and wants to remain hidden. [Probably because the information they scrape and the malware and viruses they distribute are their main source of income.]

They didn’t even host the cover image themselves! It’s hotlinked from Amazon! The download link sends you to the fake filesharing front, which then redirects you to affiliates where you fill out the offers that will supposedly allow you access to my work. Well, as I said before, I viewed the source file and there is no download. Everything forces you to a file “locking” site that has a pretty bad safety rating itself.

File locking sites are commonly used for something called an integrated affiliate advertising redirect*, also known as a forced click. [Read more on them here.] When you click the download link, it forces you to view ads in an non-closable window, makes you apply for a “free” offer, or sometimes you’ll be told to take a “survey” before it lets you have access to the files you want. [Completing these actions supposedly unlocks the real download button or link.]

Every time you click the download link, the scammer running the fake site gets paid–sometimes even if you back out and don’t follow through! Not only that, but a savvy coder could use it to gain a click and steal your info. Several thousand clicks a day, plus sell-able or exploitable data? That adds up, especially the way this person has it set.

You see, at the end of this person’s setup, the user is presented with a blank white window. That’s it. No file. You are no longer useful. Your clicks and data have been taken. Get out.

It’s bullshit because it’s using my hard work to trick my unsuspecting readers into giving away sensitive information, and earning money fraudulently while doing it. Not only my readers–but anyone who might think it’s a legitimate source for free e-books! They scrape Amazon, using the allure of prose authors have slaved over as bait. They poison brands authors have worked hard to build in the mind of the people they trick. Not. Cool.

At first, it seems hopeless. How can I DMCA content these people don’t have? How can I go after them, not knowing who they are, or even knowing what country they are in? The person who set this up knows this. This is the cloak they wrap themselves in.

But me? What can I do?

Vocaloid. Specifically Hidoor Utopia by Miku
Vocaloid.  Specifically Hidoor Utopia by Hatsune Miku.

I know the affiliates won’t care–after all, they make money through the ad clicks. Web searches care, because the site is linking to content that could harm someone’s computer. They’ll pull the data, but it will be restored by the next web crawl. I could report the shady behavior to the domain registrar and get the domain revoked. That could work–for the amount of time it would take the person to figure out the domain is cancelled and buy a new one. So what can you do? What can I do?

For now, this is all I have been advised to say. I have several options, but in the meantime, I am going to focus on educating people. The more people that are informed, the less often these kind of sites will trick people. My hope is that over time, the profitability of these sites will drop, and they will no longer be worth opening. So share this post, [and the post linked above] and help get the word out!

Please remember you can ONLY purchase my books from Amazon.com! Volume #1 is $0.99 cents right now!

 

Thank you all for your support–stay safe out there!

 

*= What, you couldn’t cram “synergy“, or “omnichannel marketing” in there too?

 

P.S: If you are an author and want to check the site to see if your work is being used, please contact me through one of the methods on my contact page, and I will PM you the url.