Cybercriminals rip off Victoria’s Secret Valentine’s giftcard seekers

Thinking of going online to get a Victoria’s Secret giftcard for your Valentine? Be careful where you look! Some Google search results are rigged, especially image results. And some innocent-looking links are part of fraudulent activities such as cookie-stuffing and click-jacking. Below is a short video that shows what happens when you click on one of these fraudulent or “poisoned” search results. At best you are headed for a waste of time and a bunch of unwanted cookies on your computer, at worst you could find your personal information compromised and your system infected by viruses, worms, or other forms of malicious software. I have provided some notes below the video for those who want to dig a little deeper into this topic.

(Follow this link to the ESET blog, which hosts the full video.)

Notes on cookie stuffing, click-jacking, click farms, and other forms of click fraud

Some of the terms I have employed in this post are relatively new and so their definition and usage is still evolving. Here’s a rough, brief guide to what they mean.

Cookie stuffing is an abuse of affiliate-marketing cookies. Normally such a cookie is set when an affiliate's link brings a visitor to a merchant's website, and the affiliate is paid if that visitor later performs a pre-defined action, such as requesting more information or making a purchase. A cookie stuffer signs up as an affiliate and then causes the affiliate cookie to be set on consumers' computers (typically by loading the affiliate link invisibly, in a hidden page element, rather than presenting it as a link to click) even though the stuffer never actually brought those consumers to the site, and later collects commission on whatever they go on to do there.

Click-jacking can be broadly defined as deceiving users into clicking on things they did not intend to click on, or so that their clicks lead to pages or actions other than those they expected. (In the web-application security literature the term usually has a narrower meaning: overlaying an invisible frame of a legitimate page so that the user's click lands on a control they cannot see, also called UI redressing.) Either way it belongs to the broader category of fraud known as click fraud. One large click-fraud operation was dismantled in Operation Ghost Click last November, when the FBI arrested six people alleged to have pocketed over $10 million by illegally altering the DNS settings on millions of computers (the DNSChanger malware), so that victims' web traffic could be redirected to advertising the gang was paid for. Related terms include:

  • Life-jacking: posting deceptive links on social media such as Facebook and Twitter in order to propagate click scams.
  • Like-jacking: tricking people into "liking" a page on Facebook, thereby boosting its apparent popularity. There is a black market in likes, and these scams serve that market.
  • Click farming: simply paying people to click on links, a fraudulent practice openly marketed on sites such as clickmonkey.
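The two merchant-side defences against the cookie stuffing and click-jacking described above, as an added example that is not from the original post or from ESET: a small Node.js request handler for a hypothetical affiliate landing URL (/landing?aff=<id>) that refuses to write the attribution cookie unless the browser's Fetch Metadata headers show a user-initiated top-level navigation (so a hidden iframe or image load earns nothing), and that serves the page with X-Frame-Options and CSP frame-ancestors so it cannot be framed and overlaid. The path, host name, cookie name, affiliate-ID format and the sample requests are all assumptions constructed for the example; Fetch Metadata headers postdate the original post and are only sent by current browsers, so a visit from an older browser is simply not attributed.

```javascript
// Added example (not from the original post): merchant-side affiliate landing
// endpoint that only writes the attribution cookie for a genuine, user-initiated
// top-level navigation, and that sends anti-framing headers so its pages cannot
// be embedded and overlaid by a click-jacking page.
// Fetch Metadata headers (Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-User) are
// attached by the browser and cannot be set by page script, so a stuffer who
// loads the affiliate URL in a hidden <iframe> or <img> cannot fake a click.
// The path, cookie name, ID format and host below are assumptions.

const AFFILIATE_ID = /^[A-Za-z0-9_-]{1,32}$/; // assumed affiliate-ID format
const COOKIE_NAME = "aff_ref";                // assumed cookie name
const COOKIE_MAX_AGE = 30 * 24 * 3600;        // assumed 30-day attribution window

// Case-insensitive header lookup on a plain { name: value } object.
function headerValue(headers, name) {
  const want = name.toLowerCase();
  const key = Object.keys(headers).find((k) => k.toLowerCase() === want);
  return key === undefined ? undefined : headers[key];
}

// Decide whether this request may earn affiliate attribution.
// Returns { allow: boolean, reason: string }.
function classifyAffiliateVisit(req) {
  const dest = headerValue(req.headers, "sec-fetch-dest");
  const mode = headerValue(req.headers, "sec-fetch-mode");
  const user = headerValue(req.headers, "sec-fetch-user");
  if (dest === undefined || mode === undefined) {
    // Old browser or non-browser client: cannot be verified, so fail closed.
    return { allow: false, reason: "no fetch metadata" };
  }
  if (dest !== "document" || mode !== "navigate") {
    // iframe, image, script or fetch() load: the classic stuffing vectors.
    return { allow: false, reason: `loaded as ${dest}/${mode}` };
  }
  if (user !== "?1") {
    // Top-level navigation not triggered by user activation (meta refresh,
    // script-driven location change).
    return { allow: false, reason: "navigation not user-activated" };
  }
  return { allow: true, reason: "user-initiated navigation" };
}

// Build the response for GET /landing?aff=<id>. The page is always served with
// X-Frame-Options and CSP frame-ancestors so it cannot be framed.
function buildLandingResponse(req) {
  const url = new URL(req.url, "https://merchant.example"); // assumed host
  const affId = url.searchParams.get("aff");
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
  };
  const verdict = (affId === null || !AFFILIATE_ID.test(affId))
    ? { allow: false, reason: "missing or malformed affiliate id" }
    : classifyAffiliateVisit(req);
  if (verdict.allow) {
    // HttpOnly keeps the cookie away from page script; SameSite=Lax keeps it
    // off cross-site subresource requests; Secure keeps it off plain HTTP.
    headers["Set-Cookie"] =
      `${COOKIE_NAME}=${affId}; Max-Age=${COOKIE_MAX_AGE}; Path=/; ` +
      "Secure; HttpOnly; SameSite=Lax";
  }
  return {
    status: 200,
    headers,
    body: "<!doctype html><title>Gift cards</title><h1>Gift cards</h1>",
    attributed: verdict.allow,
    reason: verdict.reason,
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_REQUESTS = {
  genuineClick: { url: "/landing?aff=deal-blog-42", headers: {
    "sec-fetch-dest": "document", "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site", "sec-fetch-user": "?1" } },
  hiddenIframe: { url: "/landing?aff=deal-blog-42", headers: {
    "sec-fetch-dest": "iframe", "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site" } },
  imageBeacon: { url: "/landing?aff=deal-blog-42", headers: {
    "sec-fetch-dest": "image", "sec-fetch-mode": "no-cors",
    "sec-fetch-site": "cross-site" } },
  scriptRedirect: { url: "/landing?aff=deal-blog-42", headers: {
    "sec-fetch-dest": "document", "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site" } },
  badId: { url: "/landing?aff=%3Cscript%3E", headers: {
    "sec-fetch-dest": "document", "sec-fetch-mode": "navigate",
    "sec-fetch-site": "cross-site", "sec-fetch-user": "?1" } },
};

for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
  const res = buildLandingResponse(req);
  console.log(`${name}: attributed=${res.attributed} (${res.reason})`);
}
```

The same classification can be run offline over web-server logs if the Sec-Fetch-* request headers are logged, which makes it a cheap way to spot affiliates whose traffic is mostly iframe or image loads. It does not catch every variant: a stuffer who opens the affiliate URL in a new tab or pop-under from the visitor's click on something else still has user activation, so that case has to be found through affiliate-level conversion analysis rather than per-request checks.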

Note that affiliate marketing, like search marketing, is a legitimate online marketing strategy that has been abused, just like email, SEO, and PPC, by those who are greedy for results. For an in-depth look at the under-belly of affiliate marketing I heartily recommend “Inside an affiliate spam program for pharmaceuticals” by the always informative Dancho Danchev.

Also note that all personal information shown in the video is fictitious, faked to protect the innocent. Furthermore, brands such as Victoria’s Secret, and others reflected in the cookies set during the scam shown in the video, are victims of these schemes and play no role in their perpetration.

Stephen Cobb
Security Expert for ESET
