Tuesday, September 16, 2008

Six-foot man eating chicken

The link was sitting there quietly, off to the side of a site I was checking for the price of something normally expensive (it doesn't matter what). The link looked like any other, so I chased it to get another data point. "I've been researching this topic," the site said, "and I've found that" -- again the actual name doesn't matter; I'll call it moosedung2diamonds.com here, or md2d for short -- "has the most reasonable prices."  The number quoted was about five times lower than anyone else, well into the "too good to be true" category.

Now the fun starts. I chased the link to md2d.com. It was a reasonably well laid out page complete with an avuncular-looking picture of the founder and a mini-video of a spokesperson inviting me to take advantage of the opportunity offered. All I had to do was send in about $50, at which point I would be able to download an eBook explaining how to (let's say) produce diamonds from moose dung at a very reasonable cost.


Out of curiosity I googled "moosdung2diamonds scam".  In the past this approach has generally been good for a batch of strongly-worded warnings that yes, md2d is a scam. What I actually got was a raft of pages asking "Is md2d a scam? Find out the shocking answer here ..."

You can probably guess that the narrative in these was consistent: "I thought that md2d must be a scam, but I tried it and it works!" some of them even warned only to purchase the genuine md2d article. There were, after all, a lot of imposters out there.

Some of these sites were sponsored links for the search. Some were on domain names like moosdung2diamondsscam.com. A few -- many extra chutzpah points here -- were apparently spammed onto otherwise legitimate scam-reporting sites.

Let's run that through in slo-mo: You run across a too-good-to-be-true proposition. But who knows ... just maybe? You google to see if it might be a scam. You skip past the sites that seem to have the scam name in them to something that looks independent. You chase the link there and find out that, no, it's not a scam at all. You gotta hand it to 'em.

Most scams (maybe all?) count on our assuming that something that's normally true is always true. In this case, we depend on the "many eyes" effect of the web -- if enough people see something, the truth will come out in the end. Importantly, this effect also assumes that the eyes involved are independent of each other (see this post and the first part of this post for a bit more on that).

But what the nice folks at md2d have done, and I'm sure they're not the first or last to do this, is create a little backwater in the web, a sort of Potemkin village where the "many independent eyes" assumption doesn't apply because it's basically a closed system. The domain name is unusual enough that no one is going to mention it by accident. They buy up a bunch of domain names (cheap) and sponsor some links (probably also cheap, and if not it's because they're getting lots of traffic for the scam). They create a mess of links all pointing back at the main site and probably to each other. This boosts the page rank of the scam sites, and again, there's nothing to wash that out.

The only thing to worry about, besides the cops, is the possibility of someone posting a legitimate scam complaint that gets enough outside attention to move up the page rank. Evidently, this is harder than you might think. I did find two legitimate scam complaints for the actual site, including one on the prominent site that had been spammed with the fake non-complaint (um, I hope that's clear enough), but they were both nearly lost in the noise. Your best bet in such a case is not to use raw google, but go to a scam-reporting site you trust and search there.

No comments: