As competition for online traffic heats up, online marketers are getting more and more desperate. Most online marketers stay squarely within the bounds of legal practices, and even the few who bend the rules quite a bit mostly remain within the legal range of marketing activities online. However, there is a percentage of affiliate and online marketers that disregards legality and uses highly illegal and unethical methods to generate ad clicks, product sales or otherwise meet their marketing goals. This subset of online marketers uses techniques pioneered by hackers and unscrupulous online security experts to meet its marketing needs.
The commercial motivation behind malware
The bottom line is that, compared to two decades ago, most virus, malware and spyware attacks conducted nowadays are strictly commercial in motivation. The main point is money. Ten or twenty years ago, this was not the case. In those days, hackers and unscrupulous security experts focused on bragging rights, testing software or establishing credibility in the hacking community, or they were driven by other non-monetary motives. Nowadays, it is all about the money, and whenever there is money involved, it tends to boil down to who can be more flagrant, who can be more virulent and who can be more effective in compromising your computer security just so they can pursue a commercial goal.
Malware: Coming soon to a computer near you
The statistics are grim. Every year there is an unacceptable number of malware, spyware and virus infestations the world over. What is worse, there are huge networks of zombie computers infected by malware that span the globe. What makes these zombie computer networks, also known as botnets, particularly dangerous is that they are not only used to send spam, but are also used to take down websites using distributed denial of service attacks. These compromised computers send data requests to specific target websites in an attempt to paralyze the target website’s servers. This is serious business and your security is greatly at risk.
The Rise of Search Engines and Social Network Websites
With the rise of sophisticated search engines like Google and social network sites like Facebook and Twitter, the battleground for malware, spyware, viruses and phishing websites is continually shifting. The sources and modes of transmission have shifted from e-mail attachments to search results and websites shared at social network sites. As search engines begin to get a bigger share of user traffic online and social network sites continue to proliferate the world over, the malware-specific vulnerabilities of these websites put users at a substantial risk. Pay careful attention to the tips that we are going to discuss below in order to minimize your chances of joining the ranks of the millions of users who have their computer security compromised annually by malware, phishing attacks, viruses and spyware.
Why You Can’t Trust Search Engines
Search engines have evolved quite a bit since the days of AltaVista. AltaVista used to be the number one search engine on the internet. Unfortunately, spammers exploited this market dominance by filling AltaVista with garbage pages that often led to pornography and other objectionable products or services. More importantly, the ease with which hackers could manipulate search results at AltaVista left the shady segment of affiliate marketing with the impression that search engines can be manipulated for nefarious ends. This impression has not gone away to this day. The successor search engines and new generation search engines, like Google and Bing enhanced with social media signals, are targets of unscrupulous marketers who use these services as distribution platforms for their attack sites.
How Do Scammers and Spammers Exploit Search Engines?
Using traditional SEO methods like building backlinks and on-page SEO, these unscrupulous marketers boost the search engine rankings of pages aimed at certain keywords that they know get traffic. These keywords can be hot trends that people are searching for online or tweeting about. These hot topics can range from leaked videos and controversial documents to late breaking news. Regardless, these are late breaking items that many people actively search for. Using black hat SEO methods, these unscrupulous marketers build a lot of links to certain web pages, and on those web pages they embed code that implants spyware onto your computer when you search for the target keyword and end up at their site.
Proactive steps by Search Engines
Search engines have not exactly been sleeping on the job regarding this kind of activity. They often block websites that are flagged as attack sites by their robots or search engine indexing software. Google has been quite effective at this. If you run a search for a particular hot keyword and retrieve a suspected attack site, Google will warn you. However, this type of protection, since it relies on Google, is not exactly foolproof. Google, like any other website, operates from a database.
Preventive measures are not foolproof
If, for some reason, their robot software is tricked or misdirected by the target website, you are in for a lot of headaches, because you are pretty much clicking blindly towards an attack site. Attack sites work like this: when you end up on that page, software is downloaded and installed on your system. Thankfully, the later versions of Windows deal effectively with this automated install problem. However, there are still many older versions of Windows online, and hackers and spammers are using this huge number of non-updated operating systems all over the world as their reservoir of target computers, which they can then use to create a botnet.
In addition to attack sites for malware installation, the search engines are also, to a lesser degree, exploited to proliferate phishing websites. Thankfully, this has diminished quite a bit as more and more financial institutions become more vigilant. However, there are still quite a few fake websites out there, and they are often used to trick people into signing up for an e-mail for some sort of legitimate-seeming process, which can then start the process of identity theft. The key here is to make sure that you are dealing with the official website of whatever financial institution or online service you are trying to use. This is fairly easy to figure out just by looking at the domain name. Be very aware of what website you are on.
Why Users Cannot Trust Social Network Friends
Similar to the exploitation of search engines, hackers and spammers have also looked at exploiting the features and functions of social network sites to spread their garbage. Social network sites are an especially effective platform for spreading attack website links because of the viral nature of the spread of information on social network sites.
The Viral architecture of Social Network sites
You have to look at websites like Twitter and Facebook as composed of concentric rings. You are at the center and your friends are at the outer rings emanating from you. However, they themselves also have rings of friends emanating from them. It is very easy to see the exponential growth of people at social networks and how they are connected to each other. If you like a particular piece of content and share the link on your Facebook wall or tweet about it on your Twitter feed, the followers of your feed can easily share or re-tweet that message to their own sphere of influence. People within their own sphere would re-tweet and share, and so on and so forth. All of a sudden, you have a massive explosion of that link regardless of how “unknown” the original source was.
Marketing bonanza for both legitimate marketers and spammers
This is music to the ears of marketers in general, but especially for spammers and scammers. One of the biggest hurdles in online marketing is getting traffic, and the explosive nature of how links can be shared at social network sites is a gold mine for marketers both scrupulous and unscrupulous. Unscrupulous marketers create Facebook applications that seek to steal your identity or trick you into giving up your password. They then automate the password log in process so they can log in to many different accounts at the same time, and have those accounts send updates or links to attack sites to the compromised accounts’ friends lists or follower lists. This has been documented to happen at Facebook and there has been legal action regarding this. However, besides the legality of the situation, it is a technical issue.
Prevention revolves around end user behavior
Prevention certainly cannot be controlled by Facebook because there is a step that requires the actual consent of the target account. You must be very vigilant to make sure that you do not fall for a hacking attack on Facebook. One very common ploy is some sort of x-rated video, naked pictures or any type of content people are normally curious about and that would normally get a lot of attention. Be very careful of such links when they are shared with you by a friend. It might not be your friend who is sharing the link with you but the compromised account. Take a look at the URL that Facebook shows for where the link will take you. If you are getting a status update from your friend that looks like a YouTube screen shot, make sure that the link that is paired with that YouTube screen shot is actually YouTube. Be very careful, since scammers and spammers have figured out a lot of ways to pique people’s curiosity, and people end up clicking and having their computer attacked by the malware website.
1. Always make sure that your Windows OS is updated
Windows always sends security updates. Make sure that your computer’s OS is always patched. Security compromises online often happen as quickly as a hacking group identifies a vulnerability in Windows. Make certain that you are always updated. To automate this process, set your OS update to automatic. You can do this in the Windows control panel settings. On a related note, if you are running an older version of Windows, strongly consider upgrading to the latest version of Windows. The sad truth is that there are many people with older versions of Windows who do not update their software. There is a whole cottage industry of hackers focusing just on this installed base’s vulnerabilities to create their botnets. Do not let this happen to you. Spend a little bit of money to upgrade to a new Windows system. If you need to upgrade your hardware, seriously consider pulling the trigger and doing so. Sure, it may set you back a few dollars, but in the end, the few dollars that you spend upgrading your hardware and your OS software are greatly outweighed by the lost time, lost productivity, lost money and, most especially, lost peace of mind that you will encounter if you become the target of a security attack.
2. Always verify that you have commercial anti-malware, anti-virus and anti-spyware software installed
There are many free antivirus and anti-spyware packages available online, but when it comes to bulletproof protection (or close to it), you cannot go wrong with commercial security software. Why? The publishers of these paid software packages have the resources and the motivation to continuously update their database and find alternative databases to identify threats. A publisher of a free anti-virus has less incentive to make sure that it has the newest database, and a lot of these free anti-virus and anti-spyware publishers share the same database. There is certainly no incentive to subscribe to a rapidly updated database or, more importantly, to proactively search the internet to identify new malware.
Think long and hard about using free anti-malware applications
Paid publishers have all the motivation in the world since they are competing for precious anti-malware dollars globally to continuously up their game in terms of detecting, cleaning and preventing security breaches. On a related note, make sure that your commercial anti-malware software is always updated. Once again, just like OS software, these have automated update settings. Always confirm that your settings are set to update automatically. The difference between your computer being turned into a zombie bot computer and staying clean can be a matter of just one update. Make sure that you do not miss any updates and you always have your anti-spyware fully updated.
3. Do not just click on anything
If you are at a social networking website and a buddy posts a provocative update on their news feed, make certain that you have your thinking cap on. By this we mean consider the type of post that you are seeing and compare that with previous posts from that user. If that person is in the habit of posting provocative materials, more likely than not that new post is legitimate. However, if you have never known this person to post an update with the same tone or content as the update you are seeing, something is off. For example, a friend always posts short messages about themselves and very innocuous updates, like eating at a restaurant or meeting with friends, and then all of a sudden he is posting provocative video links with very revealing pictures.
Look for patterns
Similarly, if another person rarely posts and then all of a sudden there is a large burst of posts, all of a commercial nature, you know something is off. The key here is to compare the update with prior patterns. Another key consideration is whether they are posting provocative stuff. Make certain that you look at the title to see if your gut is telling you that something is off. The most common case is when somebody posts what looks like a YouTube preview picture. In reality, it is a clickable link to an attack site. How do you protect yourself? Look at the URL that Facebook or Twitter shows you. If it does not look like a YouTube link, ignore the suspect post. More effectively, you can click hide on your Facebook feed so you do not have to see the post again and be tempted to click later on.
Read the link before you click
Use common sense, compare domains and read the description carefully. There are many ways you can protect yourself. The only limit actually is how sensitive you are and whether you give yourself enough time before you click a link. Do not be click happy or you might regret it. As a final stage of protecting yourself, if your OS is updated, there will be a pop-up box in Windows asking you whether you want to install something. Just say no and go back to your feed and hide that post. Also notify your friends and tell them maybe their system got compromised.
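The domain comparison advised above (is a post that looks like YouTube really a YouTube link?) can be written down precisely. The following is an added example, not part of the original article; the allow-list, the function names and the sample links are made up for illustration.

```javascript
// Added example: does a shared link really lead to the site its preview claims?
// EXPECTED_SITES is a hypothetical allow-list made up for this illustration.
const EXPECTED_SITES = new Map([["youtube", ["youtube.com", "youtu.be"]]]);

// Return the lower-cased host a browser would actually connect to, or null.
function linkHost(link) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return null; // not a parseable absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return null;
  return url.hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
}

// True only when the host is the expected domain itself or one of its subdomains.
function matchesSite(link, site) {
  const host = linkHost(link);
  const allowed = EXPECTED_SITES.get(site);
  if (!host || !allowed) return false;
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// Constructed sample links; the .example hosts are placeholders.
const SAMPLE_LINKS = [
  "https://www.youtube.com/watch?v=abc123",
  "https://youtu.be/abc123",
  "https://youtube.com.video-player.example/watch",     // real name used as a subdomain
  "https://www.youtube.com@video-player.example/watch", // real name placed before "@"
  "https://notyoutube.com/watch",                       // real name only as a suffix
  "https://y\u043eutube.com/watch",                     // look-alike non-Latin letter
];

// Report the real host and the verdict for each link.
function auditLinks(links, site) {
  return links.map((link) => ({
    link,
    host: linkHost(link),
    trusted: matchesSite(link, site),
  }));
}

for (const row of auditLinks(SAMPLE_LINKS, "youtube")) {
  console.log(row.trusted ? "OK    " : "IGNORE", row.host, "<-", row.link);
}
```

The part of the address that matters is the end of the host name, just before the first single slash; a familiar name appearing anywhere else in the link proves nothing.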
4. Consider the source of the link
Just like with an e-mail, if you do not know the sender, do not click the link. This is especially true with social network websites. Many people have the psychological need to have a large number of friends online. Nobody wants to be thought of as a loner or as a loser. We would like to have a lot of friends, and this is one psychological weakness that spammers and scammers love to exploit. The more friends you have, the higher the likelihood that when they send you a friend request and you have a huge, long list of friend requests, you will simply approve anybody. That is how they get onto your friends list. Once they are on your friends list, they can start sending you garbage. The key here is that if you do not know the sender, and they are not an actual friend, somebody you have done business with in the past or somebody you have interacted with, there are three options you can take.
Verify your “friends”
The first option is to verify whether you are friends or not. You can visually verify the profile: take a look at the picture, and take a look at the name. Does this sound familiar? Is this a real friend or a friend of a friend? Take a look at who your mutual friends are. If it checks out that that person is truly a friend, then you investigate the link. See the tip above. The second option is to contact that person and ask him questions about where you know him from or how you are linked to each other. If they do not send their response within a reasonable amount of time, drop them from your friend list. Thirdly, to prevent the problem above from arising, simply be very vigilant about who you accept as friends. Be very careful with your friend requests. Do not process them in batches. Do it one by one, and ideally you should send the person a message and quiz them on how you know them. Ultimately, if you feel you do not know them well enough or it is not worth adding them, be strong enough to deny or ignore their friend request. The bottom line here is: do not let your need for social acceptance become an Achilles heel and lead to your computer being compromised.
The Bottom Line
Online marketing, whether scrupulous or unscrupulous, ethical or unethical, is an arms race. Affiliate marketers and online marketers in general are always looking for bigger, better and more efficient ways to get traffic to their websites to get people to buy. Because these techniques effectively zero in on how people behave online, unscrupulous affiliate marketers and spammers have exploited traffic generation through search engines and social media websites to their unethical ends. Follow the tips above so you can avoid becoming a victim. The stakes are too high to ignore this problem.