Make Money Online

Make Money Online with Affiliate Marketing and Affiliate Networks

Browsing Posts tagged internet-fraud

Editor’s Note: The following is an analysis of a set of claims made by Shawn Hogan regarding his time as an affiliate of eBay. The claims made by Hogan are serious in nature but are made in an unstructured fashion, delivered without evidence, and seem to be an attempt at salvaging his image. Such claims thus fall into the realm of rumor and innuendo meant to damage eBay’s reputation. It should be noted that eBay was always in good standing while a Commission Junction merchant and that they are not currently, nor ever have been, under investigation for such activities as claimed by Hogan.

Last week I posted about criminal charges being filed by the Justice Department against Shawn Hogan of Digital Point Solutions and Brian Dunning of Kessler’s Flying Circus related to allegations of cookie stuffing in the eBay affiliate program. These were separate charges following a civil suit filed by eBay in 2008 for the same activity.

Digital Point Solutions Responds

There are always at least two sides to every story. Yesterday evening I received a ping via Twitter linking to a blog post by Digital Point Solutions, written by Shawn Hogan, responding to these allegations. The post is rather long, rambling, and sensational, to say the least. In the post, Hogan defends himself against the charges of cookie stuffing and makes a few rather serious allegations against eBay.

Cookie Stuffing Timeline According to Hogan

I’ll try to summarize the claims made by Hogan, beginning with those aspects related to cookie stuffing activity. The following are facts according to Shawn Hogan:

  • Hogan began working with the eBay affiliate program in the fall of 2004, at which time he began an SEO campaign to rank the term “eBay”. By the end of 2004 he held Google SERPs in the top 5 for “eBay” and maintained those until April 2006.
  • The rankings were achieved, in part, through Hogan’s Co-op Ad Network. In early 2005, Hogan’s affiliate account came to the attention of eBay because of activity levels and he was assigned a direct eBay representative.
  • In the spring of 2005, eBay suggested that Hogan’s Co-op Ad Network be used as a traditional ad network for delivering ads instead of a mechanism to only increase SERPs. Hogan began displaying a small percentage of the ad inventory with eBay ads (“tens of millions” of ads daily) which were ultimately affiliate links. This grew his affiliate account by “300%”.
  • In the summer of 2005, eBay approached Hogan wanting more traffic, at the same time suggesting he “experiment” with “gray area” techniques that were technically in violation of eBay’s TOS. One of those techniques described was cookie stuffing, although Hogan does not specifically call it cookie stuffing in his post.
  • Towards the end of the summer of 2005, Hogan’s eBay affiliate account showed up on a compliance report performed for eBay by Ben Edelman, an independent third-party compliance expert. [Author’s Note: At this point in time Edelman’s monthly compliance consulting typically focused on testing for cookie stuffing via adware. It is unclear as to whether Hogan was experimenting with this form of traffic generation or not. The Justice Department’s charges only indicate cookie stuffing via web pages.]
  • Hogan was told by eBay that he was free to experiment as long as he didn’t show up in outside compliance reports. Hogan further states that eBay recommended he use geo-targeting to remain outside of areas that Ben Edelman was likely to be testing from. At an unidentified point eBay contacted Hogan to request the Digital Point Geo Visitor tool, which was installed on “millions” of web pages, to direct to eBay’s site when clicked instead of to the expected map. Hogan states this was being done some, but not all, of the time. He also states he informed eBay this violated their TOS, but that after consultation with their legal department, eBay requested that the Geo Visitor icon be occasionally replaced with an eBay icon. Hogan claims he considered this a “bait and switch” tactic and wanted to stop it altogether. However, the “pressure from eBay” ultimately won out and the tactic was implemented, resulting in a doubling of his affiliate revenues.
  • During a private dinner at eBay Live! in the summer of 2006, eBay again asked Hogan for more traffic. Hogan stated there was no way to drive more traffic without using non-compliant means. Hogan claims that the eBay rep responded: “As long as you don’t show up on compliance reports, it’s compliant as far as we are concerned.”
  • Sometime in the fall of 2006, Hogan showed up on Edelman’s compliance report for the second time. eBay told Hogan to change his PID so that Edelman could not connect the accounts in any further testing.
  • In the fall of 2006, eBay implemented their Rover links. Hogan was pressured by eBay to change his links over, but repeatedly resisted the change, asking them why they wanted the change. Hogan claims eBay finally responded, after months of questioning, that traffic coming through Rover had no compliance check.
  • In June of 2007, eBay ended the affiliate relationship.

Hogan’s Allegations Against eBay

  • Hogan speculates that the management staff of eBay’s affiliate program was compensated based on commissions paid to affiliates which caused them to turn a blind eye to his activities.
  • Hogan further speculates that when Meg Whitman, eBay’s former CEO, left the new management began looking closely into how eBay was being run, including the affiliate program. The new management decided to “clean house” and he was ultimately used to set an example to all affiliates via the civil suit.
  • Finally, Hogan contends that the criminal charges amount to a political favour since one of eBay’s civil lawyers has worked for the District Attorney’s office.

The Digital Point Solutions post might be a peek into the defense strategies which may be used in both the criminal and civil suits still pending before the courts. I am somewhat surprised to see the post at all since most defense attorneys usually aren’t keen on their clients making any kind of statement while litigation is ongoing.

Hogan seems to basically admit to cookie stuffing, along with some other tactics not covered in the indictment, and to knowing that such tactics violated eBay’s TOS. His defense appears to hinge on his claims that he was not only being given permission by staff on eBay’s affiliate team but pressured to use such tactics. However, admitting knowledge of the illegality of his actions does not make him any less culpable for them, regardless of whether or not his behavior was endorsed by an outside party.

Further Allegations Against eBay

Hogan makes further allegations of wrongdoing by eBay that are not directly related to cookie stuffing, some of which are pretty serious. These claims are outlined below:

  • Early on during the spring of 2005, Hogan became tired of hearing his eBay contact talk about his “crappy” car. In order not to have to hear the repeated complaints, Hogan made a deal that if he ever made more than $1 million a month with eBay he would buy the rep a new car. Around the time he implemented the Geo Visitors switch and his affiliate commissions doubled, he began earning the $1 million a month. Hogan claims he gave his eBay contact $50,000 so he could buy the car himself. While Hogan admits it wasn’t “extortion” because he made the offer himself, he felt like it was due to continued pressure from the rep. Subsequently, he claims he was “coerced” into buying other items for his contact, including a plasma TV and laptop, and was told that “all the affiliates buy their contacts stuff like this”.
  • Hogan claims that eBay admitted to him that their TOS were a “façade” allowing them to engage in any activity they wanted, such as spamming search engines, while providing eBay with deniability to major partners like Google. This way eBay could blame the bad behaviour on affiliates.
  • Hogan further claims that during the private dinner at eBay Live! eBay employees informed him of a “black budget” that entailed a large dollar amount to be used at their discretion. This was not reported on the balance sheets or to shareholders. In conjunction with this black budget, Hogan reports being solicited by eBay to spam the web with eBay ads while eBay bought hardware off-shore to run the campaign so that the ads could not be traced back to Digital Point Solutions by Google. He continues by saying eBay expressed their dislike for Google and wanted to pay Hogan out of this black budget to hurt Google any way he could and to “take down Google datacenters somehow”. Hogan claims that eBay went as far as to fly down an executive from the pay per click division to discuss the possibility.

While most of Hogan’s allegations are serious and involve charges of possible criminal activity on the part of eBay, he posted nothing to substantiate any of his claims. While I know that some companies engage in the kind of activities described by Hogan, it also strikes me that if claims cannot be backed up with proof then they are merely hearsay in the eyes of the Court.

Affiliate Dirty Laundry

While affiliate fraud has been getting increased attention within our industry lately, I am aware that bad behavior isn’t limited just to affiliates. Over the years, I’ve seen questionable tactics and activity coming from networks, affiliate managers, and outsourced program managers. Greed is an equal opportunity corruptor.

Cookie stuffing has been a dirty side of our industry for years and continues to be present today. Indeed there are still numerous posts on the Digital Point Solutions forum promoting ebooks and scripts for cookie stuffing (screenshots available).

There is plenty of “dirty laundry” to go around in the business. This includes managers who encourage affiliates to break a program’s TOS. I know firsthand of such incidents. It is an unseemly side of the business that unfortunately happens. It appears that if either of the cases against Hogan goes to trial, the dirty laundry of affiliate marketing may be paraded across the courtroom, and not just as it relates to cookie stuffing. I wonder what impression of our industry this will leave on jury members.

We Have Choices

When I step back from Hogan’s post and put aside the sensational elements, a few things strike me. First, Hogan admits to engaging in cookie stuffing tactics, albeit with the alleged blessing of eBay. Second, he admits to using Digital Point Solutions tools (the Ad Network and Geo Visitors) to implement some of his tactics. These were tools installed on others’ web sites, undoubtedly with some degree of trust that they weren’t being used by the provider to engage in questionable affiliate tactics.

Hogan further admits knowing these tactics were against eBay’s TOS. His justification for engaging in the tactics seems to be eBay’s condoning and encouragement of the tactics.

We all have choices in our business dealings. No one could force Hogan to remain in the eBay program. No one could force him to engage in activities he knew to be in violation of their TOS (and indeed CJ’s TOS, although he never mentions CJ at all in his post). Even if any part of Hogan’s claims regarding eBay’s conduct is proven to be true, I do not subscribe to a “two wrongs make a right” mentality. And, frankly, neither does our legal system. Any wrongdoing on eBay’s part in no way justifies knowingly engaging in wrongdoing by Digital Point Solutions.

Regardless of what a representative of a merchant or network may tell an affiliate privately, affiliates should keep in mind that there may be someone further up the company food chain who disagrees. Ultimately, Terms of Service are legally binding documents between an affiliate and the merchant/network. It is prudent to abide by those TOS. If you choose not to follow the terms you are legally bound by, it can land you in court, regardless of how honorable or not others around you have behaved.



The defendants in the following cases are considered innocent until proven guilty in a court of law. Additionally, the general schemes alleged in the cases are practices I have personally observed of numerous affiliates over the years.

Background

On August 28, 2008, eBay filed a civil suit against Shawn Hogan, Brian Dunning and Todd Dunning, along with their respective company entities Digital Point Solutions, Kessler’s Flying Circus, Thunderwood Holdings and BrianDunning.com. The suit alleges numerous actions including fraud, racketeering activity under RICO (Racketeer Influenced and Corrupt Organizations), wire fraud and unauthorized access of eBay’s servers. See full complaint (pdf).

The short version is that eBay alleges that the affiliates named engaged in “cookie stuffing”, specifically generating hidden forced clicks of their eBay affiliate links. Hidden forced clicks are when an affiliate link is invoked without a physical click by the end user. Various forms of technology and/or coding are used so that the merchant’s site is not actually seen by the end user. The alleged activities in question occurred between 2003 and mid 2007. eBay claims measures were taken to hide the activity and that the defendants denied any wrongdoing when questioned by CJ, which at the time was still running eBay’s program, regarding suspicious traffic.

While this case should be of significant interest to affiliates, networks and merchants, it is a civil matter. Currently the case is unresolved with the outcome pending before the courts.

Criminal Charges Filed

On June 24, 2010, two separate indictments were handed down by a grand jury in California against Shawn Hogan (pdf) and Brian Dunning (pdf) following an FBI investigation by the Cyber Crimes Department. The indictments charge Hogan and Dunning with wire fraud and criminal forfeiture. Hogan was charged with ten counts of wire fraud and Dunning with five counts of wire fraud.

On July 22, 2010, Hogan and Dunning appeared before the court. Both were released under a $100,000 property bond and surrendered their passports. Both Hogan and Dunning entered not guilty pleas. Hogan’s next court date is September 9, 2010 and Dunning’s is August 19, 2010.

According to court documents, the maximum penalty in both cases is:

  • Imprisonment of 20 years
  • Maximum fine of $250,000 or twice the gross gain/loss (whichever is greater)
  • 3 years of supervised release
  • $100 special assessment (per count)

The indictments parallel the eBay civil suit, accusing the affiliates of engaging in hidden forced clicks within the eBay affiliate program.

For years cookie stuffing techniques have been discussed and debated in the affiliate marketing world. I’ve seen a rather casual attitude taken by some regarding the practice. I’ve seen long debates about what constitutes a physical click by the end user. I’ve seen black hat techniques for cookie stuffing and hiding the behavior discussed publicly. For me, one striking point with the indictments is that the FBI and a grand jury were evidently able to grasp technical aspects of affiliate marketing and tracking, and ultimately arrived at the conclusion that the tactics were criminal in nature.

Indictment Specifics

Several interesting specifics were outlined in both of the indictments:

  • Between 2006 and June 2007, Shawn Hogan (Digital Point Solutions) earned approximately $15.5 million in commissions from eBay. Hogan was eBay’s number one affiliate.
  • Between 2006 and June 2007, Dunning (Kessler’s Flying Circus) earned approximately $5.3 million in commissions from eBay. Dunning was eBay’s number two affiliate.
  • Hogan and Dunning are accused of generating hidden forced clicks on both their own web sites as well as sites not connected with the defendants in order to increase the number of computers storing the eBay affiliate tracking cookie.
  • The legal criteria for wire fraud were established not on money (commissions) being transferred over the wires, but because of transmission of the tracking cookie between states and internationally.
  • The affiliates attempted to hide the activity from eBay and CJ by not engaging in the cookie stuffing on computers located in San Jose (eBay headquarters) or Santa Barbara (CJ’s headquarters). This is geo-targeting and is readily known to be used by affiliates engaging in questionable activity. Of course, not all geo-targeting activity is nefarious.
  • Both Hogan (2005) and Dunning (2006) denied any cookie stuffing behavior when questioned by CJ.
  • Each individual wire fraud count is related to a particular incident on an IP address outside California (location of eBay servers) where an affiliate cookie for the defendants was set.
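
A merchant-side check for the two signals in the list above (tracking clicks after which the merchant's site is never rendered, and a complete absence of clicks from the locations where compliance staff sit), added here as an example and not taken from the indictments or from eBay's or CJ's tooling. The log layout, the affiliate ids, the `follow_on_requests` field and the thresholds are assumptions, and the sample rows are constructed.

```python
from collections import defaultdict

# Locations the indictments say were excluded (eBay and CJ headquarters).
AUDIT_REGIONS = {"San Jose", "Santa Barbara"}


def build_sample_log():
    """Constructed click log rows: (affiliate_id, client_region, follow_on_requests).

    follow_on_requests is an assumed, pre-computed field: how many page or asset
    requests the same client made shortly after the affiliate redirect.
    """
    log = []
    for i in range(40):
        # AFF-A: landing page never rendered, never seen from the audit regions.
        log.append(("AFF-A", ["Austin", "Chicago", "Denver", "Miami"][i % 4], 0))
        # AFF-B and AFF-C: ordinary traffic with page views after most clicks.
        log.append(("AFF-B", ["San Jose", "Austin", "Chicago",
                              "Santa Barbara", "Denver"][i % 5], i % 4))
        log.append(("AFF-C", ["Austin", "San Jose", "Miami", "Denver"][i % 4],
                    1 + i % 3))
    return log


def summarize(log):
    """Per affiliate: clicks, clicks with no follow-on request, audit-region clicks."""
    stats = defaultdict(lambda: {"clicks": 0, "silent": 0, "audit": 0})
    for affiliate, region, follow_on in log:
        entry = stats[affiliate]
        entry["clicks"] += 1
        entry["silent"] += 1 if follow_on == 0 else 0
        entry["audit"] += 1 if region in AUDIT_REGIONS else 0
    return dict(stats)


def flag_affiliates(log, silent_threshold=0.8, alpha=0.01, min_clicks=20):
    """Return {affiliate_id: [reasons]} for accounts that warrant manual review."""
    stats = summarize(log)
    flagged = {}
    for affiliate, own in stats.items():
        if own["clicks"] < min_clicks:
            continue  # too little traffic to say anything
        reasons = []
        if own["silent"] / own["clicks"] >= silent_threshold:
            reasons.append("landing page not rendered after click")
        # Baseline share of audit-region clicks among all other affiliates.
        others_clicks = sum(s["clicks"] for a, s in stats.items() if a != affiliate)
        others_audit = sum(s["audit"] for a, s in stats.items() if a != affiliate)
        if others_clicks and own["audit"] == 0:
            baseline = others_audit / others_clicks
            # Chance of zero audit-region clicks if this traffic were ordinary.
            p_zero = (1 - baseline) ** own["clicks"]
            if p_zero < alpha:
                reasons.append("no clicks from audit regions")
        if reasons:
            flagged[affiliate] = reasons
    return flagged


if __name__ == "__main__":
    for affiliate, reasons in flag_affiliates(build_sample_log()).items():
        print(affiliate, "->", "; ".join(reasons))
```

Either signal alone has innocent explanations (a regional campaign, a slow landing page), so the output is a review queue, not a verdict.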

Implications

Hogan and Dunning face serious repercussions if found guilty of the charges handed down by the grand jury. This is in addition to a pending civil suit which potentially carries stiff penalties of its own.

Regardless of the innocence or guilt of Hogan and Dunning, the fact that the U.S. Attorney deems cookie stuffing criminal should be a wake-up call for our industry.

As Linda Buquet stated when she first talked about the case, “For the blackhatters out there that say, ‘cookie stuffing isn’t illegal and all is fair in love and affiliate marketing’ – I say you better take a very close look at this case!”

The behavior outlined by the indictment is behavior, with some minor technical variation, I witnessed only yesterday by some affiliates. Nor is it difficult to find resources on how to engage in these types of activities, whether through web pages, adware, widgets, email or any other vehicle. Maybe now that the practice has been deemed illegal, the higher stakes will deter potential abusers.


Affiliates Indicted For Cookie Stuffing


Affiliate marketing is receiving some not so great publicity…again. This time it comes from Rik Ferguson over at TrendMicro blog as he reveals a Facebook Account Upgrade Scam, where fan pages promote a Gold Facebook account upgrade. Of course, there is no such thing as a gold Facebook account.

From Rik Ferguson’s blog post (bolding by me for emphasis):

So what’s the point for the scammer? Well if you follow all the instructions, you first invite all your friends to come and check out this (cough) great deal. Then, if you are credulous enough to click the button, you are informed that in order to access the Account Upgrade page you must complete “1 quick, free survey”, different versions of the scam page offer different surveys, but this is where the money is made.

The survey I tested linked (via a couple of affiliate marketing services) to a “Werewolf vs. Vampire” quiz which promised to tell me which I am (surely I should know that already?) at the end of the ten questions I am invited to enter my mobile phone number to receive my results. If I do that I am agreeing to pay a £9.00 joining fee followed by £9.00 every week until I cancel my membership via SMS.

Of course, I immediately wanted to know which affiliate networks were involved considering TrendMicro’s report of around one million Facebook users being subscribed to the numerous fake gold account fan pages.

The Gory (Albeit Probably Boring) Details

Although it was stated that the scam had been reported to Facebook and the content was most likely being removed, I got out my shovel and began digging. A quick Google search showed the content was being removed, but I was able to quickly pull up some of the offending pages courtesy of Google cache (see below).

The first thing I noticed was that the affiliate behind the fake Facebook upgrades appears to be geo-targeting the offers displayed to the end user. While Rik Ferguson obviously received UK cell phone offers, the offers displayed to me were US based offers (see below).

The actual offers differed at times, but all pretty much followed the same CPA network click stream. The irony of one of the quizzes being called “How Dumb Are You” was not lost on me.

The domain responsible for the above display on Facebook is corporate-promo-mfg.com. This domain was consistent throughout all of my research.

The affiliate link on corporate-promo-mfg.com is for CPALead with the publisher id 42109. Whois records for CPALead.com show the company as located in Wisconsin. The contact information on their web site indicates they are located in Las Vegas, NV.

CPALead redirects the click to click2go.org with an affiliate id of 3013 and sub id 42109 (passing the original publisher id). Click2go uses a Privacy Whois service, however the IP Location is tied to TattoMedia.

TattoMedia is certainly a player in these types of SMS ads and I’ve come across them numerous times in connection with adware usage. At this point, CPALead is acting as an affiliate/publisher of TattoMedia.

Click2Go then redirects the click to webventures.directtrack.com with the aff id CD43 and sub id 3013 (the id for CPALead as an affiliate with TattoMedia). Note that at this point, the original affiliate/publisher id is no longer being carried through on the actual tracking links. If you go to webventures.directtrack.com, you are brought to a sign-up page for MundoMedia.com. MundoMedia uses a Privacy Whois service as well, but their web site shows contact information for Toronto and Los Angeles.

MundoMedia redirects the click to linktrack66.com containing the same aff id and sub id. Linktrack66.com is another tracking domain associated with MundoMedia.

Finally the click is redirected to MyMindQuizzes.com where the actual survey resides. MyMindQuizzes also uses a Privacy Whois service but resides on the same IP address as MundoMedia. Sometimes CPA networks will host a sign-up form for an advertiser on their own servers; other times it may be the CPA network themselves in ownership of the offer. Looking at the Terms of Service page on MyMindQuizzes, I found mention of the company name Neo Image.

The short version is I found three CPA Networks involved in these deceptive Facebook ads: CPALead, TattoMedia and MundoMedia.
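
The click stream traced above, as an added example (not part of the original post) that parses each captured hop and reports where the originating publisher id stops being passed along. The hosts and id values are the ones named in the post; the URL paths and the parameter names `pub`, `aff` and `sub` are assumptions, and the capture itself is constructed.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed capture of the click stream. Hosts and id values are the ones
# named in the post; paths and parameter names (pub, aff, sub) are assumptions.
CAPTURED_CHAIN = [
    "http://cpalead.com/click?pub=42109",
    "http://click2go.org/go?aff=3013&sub=42109",
    "http://webventures.directtrack.com/z?aff=CD43&sub=3013",
    "http://linktrack66.com/z?aff=CD43&sub=3013",
    "http://mymindquizzes.com/quiz",
]
ORIGIN_PUBLISHER_ID = "42109"


def parse_hop(url):
    """Split one hop into (host, {tracking parameter: value})."""
    parts = urlsplit(url)
    return parts.hostname, dict(parse_qsl(parts.query))


def trace_ids(chain, origin_id):
    """Annotate every hop with the ids it carries and where they came from."""
    rows, previous = [], {}
    for url in chain:
        host, params = parse_hop(url)
        rows.append({
            "host": host,
            "params": params,
            # True while the id of the publisher that started the click is in the URL.
            "carries_origin": origin_id in params.values(),
            # Parameters whose value was already present on the previous hop,
            # i.e. what this network learned from its immediate upstream.
            "inherited": sorted(k for k, v in params.items()
                                if v in previous.values()),
        })
        previous = params
    return rows


def attribution_lost_at(chain, origin_id):
    """Index of the first hop that drops origin_id after it was seen, else None."""
    seen = False
    for index, row in enumerate(trace_ids(chain, origin_id)):
        if row["carries_origin"]:
            seen = True
        elif seen:
            return index
    return None


def hosts_that_see(chain, origin_id):
    """Hosts whose own request logs would contain the originating publisher id."""
    return [r["host"] for r in trace_ids(chain, origin_id) if r["carries_origin"]]


if __name__ == "__main__":
    for row in trace_ids(CAPTURED_CHAIN, ORIGIN_PUBLISHER_ID):
        mark = "origin id present" if row["carries_origin"] else "origin id absent"
        print(f'{row["host"]:30} {row["params"]!s:36} {mark}')
    lost = attribution_lost_at(CAPTURED_CHAIN, ORIGIN_PUBLISHER_ID)
    print("publisher id dropped at hop", lost, "->", parse_hop(CAPTURED_CHAIN[lost])[0])
```

Only the first two networks in this capture can tie the traffic to publisher 42109 from their own logs; everything downstream sees only the id of its immediate upstream.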

The Plot Thickens

You may be asking yourself “So what, the fraudulent ads were reported and Facebook removed the pages. It’s just a little bit of bad PR that will most likely quickly fade in people’s memory.”

If only that were the case. The reality is that people who are making some nice change, regardless of how they are making it, aren’t always willing to give it up quickly. TrendMicro reported the incident on Monday. On Wednesday I did a search through Facebook (not Google but Facebook) and I found several new and active fake Facebook Gold Account fan pages with fan totals in the tens of thousands. When I viewed the profile pictures of one of these new accounts I saw pictures were added Monday. Even while Facebook was removing pages, new ones were evidently being set up.

Some of those pages are now gone, but I see new active pages again today with one simple search.

And while Facebook may be attempting to keep up, the affiliate links involved remain active. There does not appear to have been any termination of the affiliate account by the CPA networks. Indeed, if you recall, I went from a Google cached page on the account on Facebook to even track which CPA Networks were involved.

The Implications

There are several implications to this type of situation. The most obvious is while the incidents were initially reported in the UK, they are now happening in the US as well. There is no way this ad promotion will meet the FTC guidelines regarding deceptive advertising practices. You don’t have to be a lawyer to figure that one out. When you start hitting numbers of consumers in the million plus range being potentially impacted, it’s almost like screaming for the FTC big stick to head your way. Everyone in the click stream trail is at legal risk.

What about those consumers? If you look at the last screen shot I posted, you’ll see that Facebook groups against this one particular scam are beginning to form. I’ll hazard a wild guess and say consumers aren’t happy about it either.

Is it a wonder that security companies tend to be less than affectionate towards affiliates? This type of activity certainly doesn’t help our case, particularly when they have seen affiliate links tied to scams, adware and the like for years now. It should be noted that Rik Ferguson didn’t say “CPA Network affiliates”, he said “affiliate marketing”.

The lack of transparency built into the sub-affiliate model should be neither an inherent excuse nor a mechanism to hide behind when it comes to ensuring fraudulent activities do not tarnish and stain our whole industry. It’s not like we are talking about an affiliate who is capable of generating only a limited number of ad views. If a network cannot monitor traffic from an affiliate at that level, then they probably shouldn’t be a network. CPA Networks must become more active in establishing acceptable marketing practices, monitoring their programs and taking action on offenses within the industry, and as an industry, we must be clear to those outside of our industry, including consumers, that these types of fraudulent marketing practices are unacceptable.

These types of incidents impact our industry as a whole and how we function and navigate within it. Please stay tuned for Part Two of the post.

I wish that I could say “the end” but it’s not the end of the story. That will be Part 2 of this post.


Go here to read the rest:
Black Hat Affiliate Tactics in the Facebook Era


The recent attack on RockYou.com’s database opened many people’s eyes to a number of security flaws that exist on even some of the more popular web sites. To begin with, the RockYou social network’s database was susceptible to a Structured Query Language (SQL) injection exploit.

According to Jeremiah Grossman of WhiteHat Security, at least “16 percent of websites are vulnerable to SQL Injection” so while sad, it is not surprising. Jeremiah also cites Verizon’s Data Breach Incident Report (DBIR), which says that “SQL injection attacks, cross-site scripting, authentication bypass and exploitation of session variables contributed to nearly half of the cases investigated that involved hacking.”

More shocking is that the user account data that was stolen was stored in clear text – plain text that has not been encrypted. For a site as large as RockYou, this is unacceptable. Still, it is not the most frightening thing that is exposed by this attack.

When igigi, the hacker responsible for the attack, harvested over 32 million username and password combinations from the site, the passwords – not the usernames – were posted online for all to see. After the collection of passwords was analyzed by the Imperva Application Defense Center, the results were a bit astonishing.

Password findings

After looking at the collection of passwords, it was found that:

  • 30 percent of users chose passwords whose length is equal to, or below six characters
  • Roughly 60 percent of passwords came from a limited set of alpha-numeric characters
  • Almost 50 percent of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, etc)

And what were the most common passwords? The following table shows the top ten passwords in the first column. The second column shows the number of users who selected that as their password.

Password      Number of users
123456        290731
12345         79078
123456789     76790
Password      61958
iloveyou      51622
princess      35231
rockyou       22588
1234567       21726
12345678      20553
abc123        17542

According to their findings, Imperva reported that in 17 minutes an attacker could compromise 1000 different accounts using a brute-force password cracking tool.

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyberattacks: with only minimal effort, a hacker can gain access to one new account every second — or 1000 accounts every 17 minutes,” said Amichai Shulman, CTO of Imperva.

Combine this with the findings from the British firm Trusteer that “73 percent of Internet bank clients share online banking password with non-financial sites, and 47 percent re-use both their online banking user name and password” and you have a potential for disaster.

Strong passwords

While there is no excuse for the mistakes made by RockYou, any efforts made by them to protect their database would do nothing to prevent a brute-force attack from cracking some of these passwords in a matter of mere seconds.

To make things more difficult on attackers looking to steal your passwords, a few basic rules need to be followed:

  • A password must be at least 8 characters
  • A password needs to consist of at least 4 different types of characters – upper case letters, lower case letters, numbers, and special characters
  • A password should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address

A common complaint about the strong password requirements is that they are impossible to remember. After all, Aghe83#Qs@ can be quite difficult to rattle off when logging in first thing in the morning. Rather than writing down a complex password like this on a post-it note stuck to the monitor, opt for a passphrase. HisBirthd@yisJune12 is pretty easy to remember and it abides by all three of the strong password rules.
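
The three rules above written as a checker and run over the top-ten table, as an added example that is not from the original post or from Imperva. The small word list, the test identity and the reading of rule 2 as "all four character types present" are assumptions; the top-ten entries and counts are the ones in the table.

```python
import re
import string

# Top ten passwords and user counts from the table in the post.
TOP_TEN = {
    "123456": 290731, "12345": 79078, "123456789": 76790, "Password": 61958,
    "iloveyou": 51622, "princess": 35231, "rockyou": 22588, "1234567": 21726,
    "12345678": 20553, "abc123": 17542,
}
# Constructed stand-in for a real dictionary / name list.
WORDLIST = {"sunshine", "football", "jessica", "dragon"}
DENYLIST = {p.lower() for p in TOP_TEN} | WORDLIST


def missing_classes(password):
    """Character types (rule 2) that the password does not contain."""
    present = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, ok in present.items() if not ok]


def personal_tokens(full_name, email):
    """Name parts and e-mail local-part pieces of 3+ characters (rule 3)."""
    local_part = email.split("@", 1)[0]
    pieces = re.split(r"[^a-z0-9]+", f"{full_name} {local_part}".lower())
    return {p for p in pieces if len(p) >= 3}


def check_password(password, full_name="", email=""):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    missing = missing_classes(password)
    if missing:
        problems.append("missing character types: " + ", ".join(missing))
    lowered = password.lower()
    if lowered in DENYLIST:
        problems.append("common password or dictionary word")
    leaked = sorted(t for t in personal_tokens(full_name, email) if t in lowered)
    if leaked:
        problems.append("contains part of name or e-mail: " + ", ".join(leaked))
    return problems


def audit(counts):
    """Weight each rule failure by how many accounts used the password."""
    totals = {"accounts": 0, "too_short": 0, "single_class": 0, "rejected": 0}
    for password, users in counts.items():
        totals["accounts"] += users
        totals["too_short"] += users if len(password) < 8 else 0
        # Three of four types missing means the password uses one type only.
        totals["single_class"] += users if len(missing_classes(password)) == 3 else 0
        totals["rejected"] += users if check_password(password) else 0
    return totals


if __name__ == "__main__":
    print(audit(TOP_TEN))
    for candidate in ("Aghe83#Qs@", "HisBirthd@yisJune12", "Dana2010!"):
        # "Dana Example" is a constructed account holder.
        print(candidate, check_password(candidate, "Dana Example",
                                        "dana.example@example.com"))
```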


See the original post here:
RockYou is Latest Reminder Not to Neglect Your Passwords


Purveyors of malware and BlackHat SEO’s have been pulling in a great deal of headlines lately. It seems anytime something makes the news, there is a report of illegitimate web sites targeting keywords associated with the story to draw visitors into their malicious site. Earlier this month, I discussed how search poisoning is used to push malicious sites to the top of the SERPs. I figured a nice follow up to this would be a description of what the attacker does once he or she gets you to their site.

Drive-by downloads
The purpose of the search poisoning is usually to drive unsuspecting visitors to a malicious web site where malware is downloaded to the visitor’s computer without their consent or knowledge.

A drive-by download, or drive-by installation, works by exploiting security vulnerabilities on the browser used to surf the Internet. A malicious web site is set up containing code that actively seeks out these vulnerabilities. When found, they send the visitor to a third-party server where the malware is silently installed on their computer.

Why the third-party server? Even attackers work hard to achieve these high page rankings, albeit through less than ethical techniques. Sending visitors to a third-party server means their ranked page can survive longer since it is not flagged as housing malware.

Examples
In the month of January, four headlines drew a large amount of interest from attackers. The rumors of actor Johnny Depp’s death, actress Brittany Murphy’s death, the earthquake in Haiti and the release of the Apple iPad all found themselves to be targets of a combined SEO poisoning/drive-by download attack.

In each case, the victim downloaded malware to their computer known as “scareware”. Scareware is used to frighten the victim into believing that their computer is infected with malware. In a panic, the victim purchases the advertised security software to clean their system. Selling bogus security software to their victims has been bringing attackers around 15 million dollars a month. Not hard to believe when you consider that Consumer Reports estimates that 1 in 90 people fall for these scams.

While scareware is the malware du jour, it is not the only method of attack. Some sites install even less conspicuous malware onto their victims’ computers. Using Trojans, attackers can steal passwords, account information or create large botnets of zombie computers that they use to attack web sites, attack networks and spread spam. A prime example of this was when the web site for the Miami Dolphins’ stadium was injected with malicious code attacking those looking for Super Bowl information.

More to come
Just next month, the Winter Olympic games kick off and this summer, the World Cup will be in full swing. Security experts are already predicting these to be included in the next round of malicious keywords.

Protecting yourself from drive-by downloads can be tricky. It would be easy to suggest that people only visit well-known web sites, but that is counter-productive to the web. After all, what makes the web so great is the ability to find new and interesting sites.

Tools can be used to help identify sites that could be potentially dangerous. McAfee has introduced SiteAdvisor and Symantec has Norton Safe Web, but unless someone else has already been infected by the site, they do little to protect you.

The best solution to any malware is to run legitimate anti-malware software (or anti-virus, for those stuck in the 1990s) on your computer and keep it updated frequently. Staying proactive is the only way to keep infectious files at bay.


The rest is here:
Drive-by Downloads on the Rise


In the last post I provided some background on offers and the confusion they may cause. I also pointed out the potential for scams. In this article, I’ll put a little more focus into the complexity of the offer systems and show another example of how confusing offers could lead to complaints.  For the sake of this argument, the values used in my examples are chosen for effect and are not accurate for any specific offer system.

Previously I described an offer for a free Walmart gift card. The offer awards 21 points for participation and promises to earn you a $1,000 Walmart gift card as well. But what are the economics behind the offer? How is it fiscally viable for a free survey or trial to result in you getting 21 points that would actually cost you $5 to purchase? In this case, it seems too good to be true, and it is. There are two views of the systems. First, the positive view: cost of acquisition.

In this model, when a company knows it typically takes $3 in direct and indirect advertising to acquire a customer they might decide to spend an amount less than $3 to acquire a new customer. For example, an offer may yield a $9 a month subscription to Netflix, at say a $2 cost of acquisition, and a subscriber who may or may not use the service. Typically, the offer would yield a trial customer, costing Netflix $2 in marketing, plus the gross operating costs to support that subscription, but no continuing subscription. For illustrative purposes, let’s say the trial included four discs, sent and returned, at a cash flow cost of $0.80 per disc (due to an estimated cost of $0.40 shipping each way for each disc) for a total of $3.20. The non-converting trial user cost is then $5.20 (or $2 + $3.20). Again, these numbers are estimates that may be off, but have some anchor to the real costs of the offer.

Then, there’s the negative view of the system in which advertisers get fleeced and users get scammed.

This model has two components: (A) users take offers with no intention of spending any money with the advertisers, and (B) unknowing users sign up for subscriptions without intending to. To illustrate point A, I encourage users to briefly visit the sites mafiawarstrategy.com or their sister site mobsterstrategy.com, both of which cater to players of mafia/mobster games by Zynga, mentioned in the first part of this series, and Playdom, another large social gaming company. On these sites, and sites like them, you can find instructions on how to pick and choose offers, which offers are free, which offers to avoid due to spam, and how to manage your offers to ensure you don’t get charged a penny.

My favorite part of the posts at these sites is that they carefully explain how to spot and avoid confusing offers that may never result in points. Worried about getting scammed? Well, these sites tell you what proof you need to get your points, the minimum actions needed to get your points, and what happens if you don’t do enough or don’t have proof. Be warned that you can’t access the content of these articles unless you do an offer. Of course, I make no guarantees on the quality of the offer that you’ll be shown.  And you should know that the ad network for the sites claims that publishers are paid $1 per action/offer completed.

So if you’re ready, go here. An image of the page you’ll see is below:

[Image: entry-page]

Note the phrasing on the page from the ad network: “These DO NOT require credit cards or trial signup offers”. Remember this screen for later in this article. If you click through or at least believe what I’m saying, you’ve already noticed that the article is all about getting points for free and not sending any money to the advertisers.

Now, on to point B and the risk users run for getting scammed. Let’s start by looking at the ‘free survey’ selections.

[Image: survey-choice]

When you choose the IQ quiz you’re given a series of questions. The two images below  display the survey start and the first question. The IQ quiz seems harmless enough, and even better, I’m promised 21 points for answering a few simple questions.

[Images: surv1-gif, surv2-gif]

Now, as you advance to the last quiz question, you get used to quickly clicking answers and never scrolling down. The questions are simple and nicely framed and there is no need to look below the frame of the quiz.  Once you reach the last screen, below, by rushing through the ten easy questions you’re faced with an innocuous phone number entry box and the prompt: “Enter your phone to get your results”.

[Image: surv-fin]

The blackboard frame in the picture provides a psychological cue to stay focused on the quiz and NOT scroll down to the bottom of the page. So if you don’t scroll down and just enter your phone number, you would have just subscribed to a $4.99/month mobile phone service (see the small print). If you don’t enter your phone number, you would still have completed the survey, right? The only reason to enter your phone number was to get the results. Now, if you try to exit the survey, another page pops up trying to entice you to do another survey:

[Image: crush-quiz-exit]

And if you close that, you end up on the article where you started, but the blocking overlay has changed:

[Image: quiz-not-completed]

You completed the offer by taking the “no credit card/no trial” quiz, but you did not take the final step to get your results and subscribe to the $4.99 monthly service. By the letter of the offer, you should have earned a reward: access to the article, or your 21 game points.

But the reality of the situation is that the ad network has to pay the publisher, so unless the user subscribes there’s no money to sponsor the offer. Users need to pay somehow, and these offers depend on people not reading the fine print and not scrolling down the page.

So what just happened? A user wasted his time, did not get his points, and the advertiser got nothing since the user failed to subscribe. And even if the user did subscribe they would likely unsubscribe immediately, as instructed by the article behind the offer wall.

Confused? Most people are. These offers have led to various tech magazines citing revenues over $300 million for these types of offers, while related reward offers have been cited at $1.4 billion in a recent Senate report.

So with 100 million teens and tweens looking for a leg up as well as ‘points’ to help them in games, do you really believe that they all read the fine print? Or that they will be able to find the fine print in an easy and non-confusing manner? It doesn’t take a high IQ to figure out the answer to those questions. And that’s something the scammers will try to take to the bank.


Excerpt from:
Virtual Goods, Offers, and Scams: Part 2


There’s been a lot of hype and debate around the concepts of virtual goods and offers due to a few high flying companies which have been media darlings. The highest profile company in question is Zynga, although other social gaming sites and social networks have employed similar tactics. All have enormous user bases and are pulling in hundreds of millions in revenue, but the debate centers around how they earn money. There’s too much to cover in one post, so this discussion will be split into two posts, with this one providing the basis for the controversy.

By some estimates, these companies may earn 1/3 of their revenues from something called “offers”. What is an offer you say? An offer, for the purposes of this article, is an exchange of information and/or actions to earn credit spendable on a web site, virtual world, or online game. The concept is simple and particularly lucrative.

Web site visitors or game players can get in-game points or currency that they can spend on upgrades, weapons, tools, or other power-ups that give them an advantage. The points, often called cash, coins, or gold, can be purchased directly using several payment instruments; but for the cash-strapped, unbanked, cheap, or income-challenged, a more attractive mechanism is to use offers to gain these credits. Offers, up until a month ago when negative media attention from sites like Techcrunch and backlash caused Facebook to clean house, included surveys, quizzes, trials for magazines, game rentals, DVD rentals, credit cards, and more, many of which touted free trial or no cash or credit card required.

[Image: List of example offers] The partial list of offers (left) entices the user to enter trials, sign up for services, or take quizzes and surveys.

What makes offers so attractive? How does “Fill out a survey and earn 19 points” sound to you? Especially when 19 points gets you a 10% boost in game income, increased character speed or other abilities? So for just a few minutes of time, you can earn the points that other gamers may spend their hard earned cash on.

For example in the popular game Mobsters, by Playdom, it would cost you $4.99 to purchase 21 points; thus taking these surveys sounds attractive since the math would suggest that if I completed a survey every 10 minutes, in an hour I would have done 6 surveys, earned 126 points, and saved nearly $50. But think about what just happened – the discussion turned from 1 survey and 19 points to a subtle assignment of a working wage for the game player, where he/she could earn the equivalent of $50/hour. Other offers include Blockbuster video trials, Netflix trials, Credit Cards sign-ups, mobile phone content trials, and more. Great deal for the end user, on the surface.

Before going forward, I need to add that many of the scammy offers have already been removed by many of the providers due to the media attention; however, even the remaining offers by reputable companies still have issues. The risks of these offers fall on the user signing up for the offer and the merchant sponsoring the offer.

  • Does the user know what he or she is signing up for?
  • What quality of lead is the merchant receiving?
[Image: Entertainment book offer] Problems arise due to confusion over how to complete the offer. The Entertainment book offer button takes the user to a page with no actual mention of the offer. Are users supposed to sign up? If so, how do they get credit?

[Image: Direct TV offer] The same problem appears for the Direct TV offer. How does the user know what to do? How does he/she earn credit?

By now you may be wondering where the deal really is. If users have to pay for subscriptions, why don’t they buy points directly? Do users always have to spend money to get their points? You’ve now hit the tip of the iceberg and are wondering if this amounts to a system for scams.

As a starter for the next post, consider the two images below.

[Images: free walmart gift card; qualify for free]

The offer is not from Wal-Mart, but from a rewards program company, and it looks pretty good, right? Well, if you read the fine print you’ll see that to get your ‘free’ $1,000 gift card you must complete 13 offers. But click through and look at the second image: you’ll see it says you have to complete two offers to get your ‘free’ gift. How does this make sense? The user was led to believe they had to complete one offer to get their free 21 points. This is starting to smell like the BlueHippo investigation by the FTC, where offers were supposed to get you a free PC. Yet they only shipped one. Yes one.

In my next post I’ll discuss my experience trying a few of these offers, some additional math around the business, and discussion on the even larger problem that this is revealing.


Excerpt from:
Virtual Goods, Offers, and Scams: Part 1


Lots and lots of posts around about the FTC shutting down known spam, botnet, child pornography, fill in bad stuff, hosting provider Triple Fiber Network (3FN.net), aka Pricewert LLC, APS Telecom and APX Telecom, yesterday, affecting 15,000 websites. The FTC said they were actually advertising their services in the dark underbelly of the internet, hosting vast quantities of illegal, malicious, and harmful content, including child pornography, botnet command and control servers, spyware, viruses, trojans, phishing related sites, illegal online pharmacies, investment and other Web-based scams, and pornography featuring violence, bestiality, and incest.

While this is great, the more trouble we can cause these guys the better, what does it really mean to these guys? Servers are already popping back online, many sites are already back up at other providers and 3fn themselves say they will be back online in hours or days, so it won’t be long until things are running smoothly for them again, and as has been mentioned, there’s been no noticeable dropoff in spam, so while they’ve taken off the head, the body still functions, as far as the spam and botnets go. What is needed is criminal prosecution, as is mentioned at Security Fix.

“It could be that other law enforcement organizations are using the FTC as a front in order to obtain evidence for later criminal prosecutions,” Rasch said. “What’s interesting about that approach is that in order for these guys to get out from under this court order, they’re going to have to show that they’ve taken steps to clean up their act. But if there is a criminal investigation ongoing against 3FN, then anything their operators say in trying to convince a court to lift the order can and will be used against them later.” Source: FTC Sues, Shuts Down N. Calif. Web Hosting Firm

But how hard would that be? You’re talking tracking em down, extradition, lots and lots of work. What needs to happen is for the FTC to start fining merchants who profit from spam and spyware, they should no longer accept ignorance as an excuse and fine them. After so long, a month or two, fine them again at quadruple the rate, or whatever, and so on until it’s no longer profitable for any of them.

Another possibility would be to fine the networks for allowing the spammers in and promoting them to the merchants. Or that could be a lawsuit from the merchants after they have been fined heavily. I don’t care, it doesn’t matter how it’s done as long as the money dries up.


Excerpted from:
Spammers, Botnets, Child Pornography, Oh My


I had the pleasure of listening in to yesterday’s roundtable hosted by Brian and Carolyn of ShareASale. The topic of the roundtable was affiliates’ use of downloadable toolbars and what was acceptable to operate within the ShareASale network and what was not. I commend Brian for taking on such a contentious issue in such a public manner. I don’t believe there are other networks willing to publicly include their affiliates in issues like this.

The call started with a brief presentation, 25 minutes or so, by Brian that framed the discussion. Each participant was then given the opportunity to add to the conversation or ask a question, either by raising their (virtual) hand and commenting via audio or submitting an anonymous question via AOL instant messenger. Great use of technology and it proved a very effective means of interaction. I had all of my questions answered during the call.

Brian framed the discussion of toolbars by first making the distinction of Customer Service vs Marketing. Customer service, in regards to toolbars, interacts with a previously identified customer to strengthen the relationship. Marketing attracts new customers. This was an important point to start from.

The presentation then moved on to “who owns the desktop”.   Here are some of the points Brian set out:

  • User has the right to download software on their computer
  • Marketer/merchant has the expectation that their content not be modified
  • Toolbars should in no way interfere with content on an individual site.  Example click to call, price comparison, product replacement.
  • “people have created toolbars that allow for real time price comparison.”  stuff in their cookie

Brian laid out three levels of toolbar download.  I couldn’t take notes fast enough, but here is what Brian wrote on ABW:

  • A Level 1 Toolbar is one that doesn’t interact with the user. The user interacts with it. For example, this could be a search toolbar that has nothing but a search box at the top. It doesn’t do anything until the user tells it to go do something such as look up a term, etc…
  • A Level 2 Toolbar interacts with a user only after a click event from that same affiliate’s website. So – in a clear example based on loyalty sites in affiliate marketing: A user goes to the loyalty site on their own – and clicks a link to a merchant. Only at this time does any interaction such as a change in color, message, etc… The toolbar is providing a customer service function to a customer who had previously clicked on an actual website link. If a visitor direct type-ins a merchant URL, this type of toolbar does NOT interact with the user. The toolbar only interacts with the user when a click takes place directly from the loyalty affiliate’s website.
  • A Level 3 Toolbar interacts with a user wherever site they may be on. Additional functionality of toolbars include notifications when users “could be” earning commissions by shopping at another site, etc…. This toolbar provides both a customer service but also a marketing purpose.

And went on to describe some of the behavior:
Automatic redirection

  • Automatic redirection has been a real problem in the past
  • “no room for automatic redirection at any time”
  • Penalties should be severe

Positive vs Negative Notification

  • Probably the area of biggest debate
  • Most critical element
  • Positive – a reinforcement of a previous click – if you are a toolbar provider and affiliate marketer and the toolbar is of the same affiliate. A user clicks from that same affiliate, allowing that toolbar to interact with customer is a positive interaction as the toolbar and affiliate are the same. Toolbar is prompted by a click from the same affiliate’s site.
  • Negative notification – a pre click notification. You are on a different site than the toolbar that is notifying you, it is pre any click from any user on the toolbar provider’s website
  • The third type is no notification. A toolbar is sitting there and redirects or some other function without any notification.
  • Brian’s goal was to allow those silent notification and positive notification while providing guidelines for negative notification toolbars

The last portion of Brian’s presentation focused around the fact that Technology moves very fast and he wants to evaluate what sort of toolbar technologies SAS wants to allow within their network.

The group, somewhere around 100,  as a whole pretty much agreed that Level 1 and Level 2 were ok.  I didn’t hear anyone specifically have anything wrong with either one, but one participant pointed out that no one can speak for the entire group, but it is safe to say those two levels are pretty safe.

Resulting from a question, Brian stated that his intention was to forge a new policy at ShareASale and not necessarily the industry. A few asked what SAS’ motivation was for this change and Brian was very forthcoming with his answer. Many merchants have asked if certain affiliates could be allowed within the network. This has moved SAS to re-evaluate their policy. Brian stated: “The changes come from technology and market request. We have merchants ask to allow inclusion of toolbar affiliates all the way up to level 3. … The solution may be to allow only level 1 and not 2 or 3, but this is the situation we are at…” “it may not be something that is an obvious problem to someone from the outside, to me, from what I hear and go over, I think it is a problem that needs to be addressed”. He also stated that no decisions have been made and that this call was intended to solicit responses, ideas and feedback on this issue that SAS feels is a very important one. SAS has often been at the forefront of this tool bar issue and it was refreshing to see them ask the community for their input on a company policy. I wish other organizations would do the same, and I bet you do too.

There was a flurry of questions.  Here is an incomplete list of a few of them:

  • What kind of punishment would be pursued on offending affiliates
  • Would SAS identify toolbar affiliates within the affiliate manager’s interface – To which Brian responded “yes definitely, this would be a pretty important piece for us” “an application process would be outside the current application process and may include other forms of documentation so the merchant understands what is going on and what we are watching. I do anticipate a change to the application process that clearly identifies these to the merchants”
  • What toolbars fall into acceptable behavior? There really wasn’t an answer to this, Brian stated, as what is acceptable behavior hasn’t been established.
  • Is there a level of toolbar that you will not allow in? Brian: “definitely….auto redirect are a no” “the debate I am looking for is between level 2 and 3”. “The reinforcement of a prior click doesn’t interfere…” “my hope is that after today we can get past level 1 and level 2 and come up with something for level 3”

There were many other questions and I had to leave a bit early, but the general gist from participants was that anything that interfered with another affiliate’s traffic or auto redirected was a big no no and SAS agreed with that sentiment. It was a great call that I am very glad to have been a part of. This type of thing is very much needed industry wide – discussion, participation and a bit of self regulation. It is a very contentious issue and it seems like SAS is going about this in the right way.

I may have missed a few things or missed a few quotes, if you attended, please add your impressions.

View post:
ShareASale Toolbar RoundTable


Fraud definitely is on the minds of online merchants this season. In fact, a survey sponsored by the Merchant Risk Council (MRC) conducted by the 41st Parameter Inc., revealed that 84% of the respondents believed that there will be a slight or substantial increase in online fraudulent activity this holiday season.

When asked about some of the largest challenges in fighting this type of fraud, two-thirds of the respondents stated that the increase in fraud ring activity and botnets (computers used to commit eFraud) are of utmost concern. Further, a full 30% of the respondents stated that a lack of money for the technology to fight online fraud is another formidable challenge.

With respect to these figures, Ori Eisen, the Chief Innovation Officer at 41st Parameter had the following to say:

“As the Global economy continues to slow down, organizations are slashing budgets across the board, including vital IT needs designed to help protect the bottom-line. What’s particularly alarming about this counter-intuitive strategy is roughly one-third of e-commerce fraud investigators surveyed said their number one challenge is not receiving adequate funding to procure proper fraud prevention technology, thereby leaving their online channel a key target for cybercrime.”

Quite an interesting statement indeed.

What Can You Do to Avoid or Prevent Fraud Altogether?
There are a number of tangible steps that a business can take to reduce the incidence of fraud. Here are a few ideas for you:

  1. Display the fact that you have a strong “anti-fraud” policy on your website as this warning alone may deter potential fraud incidents.
  2. Ensure that providing a credit card verification code is mandatory on your website.
  3. Carefully scrutinize any emails from Hotmail, Yahoo, and other free email accounts as fraud perpetrators prefer to use these types of anonymous emails.
  4. Scrutinize any orders with a different “bill to” and “ship to” addresses. While these addresses may differ if consumers are sending a gift or are dropshipping an item, in many cases, it can be a sign of fraudulent activity.
  5. Be vigilant when it comes to overseas orders.
  6. Take advantage of technology and use an account verification system (AVS). This type of technology works to ensure that the zip codes or the postal codes of credit cards match the billing addresses.
  7. On very large and/or questionable orders, call the customer and/or the credit card company to verify the information.
  8. Employ the services of a company that specializes in fraud prevention.

With these steps you are now well on your way to keeping your business from falling victim to the rising tide of online fraud.
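Items 2 through 7 of the list above can be applied automatically when an order comes in. The following Python example is added here and is not code from the original post; the field names, the domain list, the home country, the order-size threshold and the accept/review/verify decision rule are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# All values below are constructed for illustration; tune them to your own store.
FREE_EMAIL_DOMAINS = {"hotmail.com", "yahoo.com", "gmail.com", "outlook.com"}
HOME_COUNTRY = "US"              # assumption: the merchant sells mainly within the US
LARGE_ORDER_THRESHOLD = 500.00   # assumption: what this store treats as a very large order


@dataclass
class Order:
    email: str
    amount: float
    bill_to: dict            # keys: street, postal_code, country
    ship_to: dict
    cvv_provided: bool       # item 2: a card verification code was entered
    avs_postal_match: bool   # item 6: AVS result reported by the payment processor


def _normalize(address):
    """Compare addresses on content, not on spacing or letter case."""
    return tuple(
        "".join(str(address.get(key, "")).lower().split())
        for key in ("street", "postal_code", "country")
    )


def screen_order(order):
    """Return (decision, reasons).

    decision is one of: accept, review, verify_by_phone, reject.
    """
    # Item 2 is a hard requirement, so a missing code stops the order outright.
    if not order.cvv_provided:
        return "reject", ["card verification code missing"]

    reasons = []

    # Item 3: free email accounts deserve a closer look.
    domain = order.email.rsplit("@", 1)[-1].strip().lower()
    if domain in FREE_EMAIL_DOMAINS:
        reasons.append("free email provider")

    # Item 4: gifts and dropshipping are legitimate, so this is a signal only.
    if _normalize(order.bill_to) != _normalize(order.ship_to):
        reasons.append("bill-to and ship-to differ")

    # Item 5: overseas orders.
    if str(order.ship_to.get("country", "")).upper() != HOME_COUNTRY:
        reasons.append("overseas order")

    # Item 6: postal code on the card does not match the billing address.
    if not order.avs_postal_match:
        reasons.append("AVS postal code mismatch")

    # Item 7: very large orders are verified with the customer or card company.
    large = order.amount >= LARGE_ORDER_THRESHOLD
    if large:
        reasons.append("very large order")

    if not reasons:
        return "accept", reasons
    # Assumed rule: a large order, or two or more signals together, counts as
    # "questionable" and goes to phone verification; one signal goes to review.
    if large or len(reasons) >= 2:
        return "verify_by_phone", reasons
    return "review", reasons


if __name__ == "__main__":
    home = {"street": "12 Main St", "postal_code": "94105", "country": "US"}
    abroad = {"street": "1 Rue Exemple", "postal_code": "75001", "country": "FR"}
    order = Order("buyer@hotmail.com", 40.0, home, abroad, True, False)
    print(screen_order(order))
```

Every signal is returned with the decision, so the person reviewing the order sees why it was held rather than just a score.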

Read the original post:
Is Online Credit Card Fraud on the Rise?


Chris Boyd (aka Paperghost) reported last week on his Spyware Guide blog about a dodgy offer for a “Free Online Batman Game” that in reality installed Zango and a crappy demo version of an ancient game that you could have downloaded for free somewhere else. It should not take more than a few brain cells to figure out that DC Comics is not coming to you with an online Batman game that nobody knows about and has not been mentioned in the press.

This shows you need to be wary still. Who knows how much either side knew, but when you have such an obvious misrepresentation you really have to wonder. Did people just look the other way for a buck?

 

Go here to see the original:
Holy Scam Batman! The Ghost Sees Through Zango


This concept has been in my head for well over 2 1/2 years and I admit to myself that I am not going to do anything with it myself anytime soon. I outlined the general idea to several companies and people, but shared the much more specific details only with a person who is as busy with other things as I am myself. I remember talking about it to Shawn Collins back in 2006 when the problem that my proposed solution is meant to take care of was still on the rise and not that high on the priority list of the potential customers and users of the service.

When I saw Mark’s post at 45n5.com about “Steal This Idea – Your Abandoned Make Money Online Ideas“, I thought that my idea would be a perfect fit for this “series”.

I talked to people like Asasf Igell from Syntryx, Balazs Nagy, Tetsuto Yabuki, Andrew Wee, some outsourced development shop in India, a tools development company in Germany (SEO/SEM tools) and others, but somehow it never went anywhere to make progress and have a real project. In some cases it was my own fault, but in some cases it was also the lack of time, interest and/or understanding of the concept by the potential partners for this project.

I decided to clean up my notes for this blog post and to publish the concept in as much detail as I have in writing myself (a large chunk actually, although there is still some stuff left in my head that was not spelled out yet). Anybody, person or company is free to grab the stuff and run with it.

If you make it happen and it becomes a success, send me an email, call me or buy me a beer at the next Affiliate Summit or something like that to tell me that it actually worked. You would owe me that and a thank you, but beyond that it will be up to you and how grateful you are and what the actual part of my contribution to the success was or was not. I am not a big fan of the ocean, so a yacht would be a waste of money hehe, just kidding.

The post is long, but you only have to read it in full if you are actually interested in doing something with it. The first paragraphs are also interesting for the potential customers of the outlined services, because they talk about how to automate things that you might not even know you should be doing in the first place.

There are some new services that are doing at least to some degree what I have in mind, but I don’t know of any solution that takes care of a need of a small and very specific niche with an unfulfilled need, waiting for somebody to come along to solve the problem and the need that was created from it.

General Purpose

Trademark Monitoring in Paid Search

Who is this solution for?

Affiliate Managers, Outsourced Program Management Companies

Background

The trademark concerns moved up to the #1 concern of advertisers in the affiliate marketing space as per Affiliate Summit East 2007 in Miami this last July. It was the #3 – #4 concern last year two years ago. (Note: Shawn, if you would have the links handy to your posts that talk about this and could post them here as comment, that would be great. I have a hard time finding some of your stuff, since your site re-design about one year ago ) )

The first step advertisers take is updating their affiliate agreement to specify the dos and don’ts for paid search affiliates. This includes the specification of terms that affiliates are not allowed to bid on and/or maximum bid caps etc. Some prohibit bids on certain keywords to their general affiliate base, but allow selected hand-picked affiliates to bid on those terms.

So far so good; now monitoring and enforcing those policies becomes an issue. Abusive affiliates are also smart and use tricks to bid on forbidden terms without being detected.

The methods used include pausing campaigns during office hours, when advertisers and affiliate managers are likely to check for affiliates who violate the TOS, and excluding the location(s) where the advertiser and/or affiliate management company have their offices via the geo-targeting features available at the major paid search providers, such as Google AdWords, Yahoo! Search Marketing and Microsoft AdCenter.

Advertisers who already use advanced software or services for paid search monitoring, competitive intelligence etc. can use those tools or services to monitor the SERPs. How well the monitoring copes with all the mentioned tricks differs from service to service.

The rule of thumb is that the better the service is, the more expensive it is. For existing competitive intelligence services, this use of their solution to monitor affiliate activities is only a by-product and not their core business. A large number of advertisers cannot afford the big enterprise services out there and/or cannot justify the high cost just for the purpose of trademark monitoring their affiliates.

Scalability (Business Point-of-View)

The solution would be a scalable service with recurring revenue (monthly/annual subscription), probably starting at about $10 per month for the basic service to more, depending on the client needs.

Fees should increase linearly, depending on how much more the client wants to use the service.

“More” means not “different” in this case but additional things that are similar (some development to support additional things that are very similar to almost identical to what you started with) and/or more of the things that is already done for the customer and/or doing more often what you also already do for the client as well (= more hardware resources in essence).

Features needed to address those needs

1. Ability to specify a list of terms that need to be monitored

This list is limited in size, because it contains trademark and brand terms only.

2. Selection of Paid Search Providers to Monitor

1st Tier providers:

  • Google AdWords
  • Yahoo! Search Marketing
  • Microsoft AdCenter
  • Ask Sponsored Listings

2nd Tier Providers US:

  • Miva Pay-Per-Click
  • Looksmart AdCenter
  • Findology PPC Search
  • Enhance Interactive
  • Search123
  • ABCSearch
  • GoClick
  • 7Search
  • ePilot
  • Kanoodle
  • adMarketplace
  • FindIt-Quick
  • Copernic Media Solutions Publisher Network

2nd Tier Europe:

  • Espotting
  • Mirago

3. Check Frequency

  • Weekly
  • Every other day
  • Once a day
  • Multiple times per day

Some randomness should be applied to the schedule so that the monitoring times cannot be predicted. Otherwise, affiliates could adjust their PPC campaigns accordingly and pause their ads when they know that a check will occur.

4. Location where check is conducted from

To prevent rogue affiliates from avoiding detection by excluding the monitoring service via geo-targeting, monitoring has to happen from various locations around the United States and the world. For the greatest flexibility and the ability to predict the location from which a check is conducted, the use of proxy servers is the best way to go: start with open proxies, then rent proxies down the road when business expands, or find a business partner with servers across the country (or world) that could be used as proxies.

5. Alerts

The advertiser needs to be alerted about activities for his selected keyword terms. This should be done via email and web interface. The alert needs to be followed by an action by the advertiser that tells the system the status of the incident and what to do with it in the future.

6. Known Ad versus new Ad

If a new Ad is detected at a search provider and an alert was sent to the advertiser, no further “New Ad” alerts should be generated for the same Ad.

You need to specify a set of criteria that determine the unique identifier for each Ad, so that you can tell whether an Ad is new and unknown or whether you have encountered it before.

You must gather as much information about the origin and target of the Ad as you possibly can; the basics include:

  • Title
  • Description
  • Display URL
  • Destination URL
  • Final Destination URL (if possible without committing “click-fraud”)

You also need to log:

  • search provider
  • keyword
  • position of the Ad
  • used proxy location
  • date/time of the check

However, this information is not part of the key to identify an Ad as new or old.

7. Actions by Advertiser

7.1 Categorization of Ads

This categorization must be done by the advertiser by hand. We might be able to extend this with some configuration options that automatically pre-determine the right category based on parameters such as the domain of the destination URL etc.

  • Own Ad (advertiser’s own paid search campaign) (okay)
  • Approved affiliate Ad (okay)
  • Competitor’s Ad or competitor’s affiliate Ad (okay)
  • Unapproved affiliate Ad (action needed, warning email, reversal of commissions, account termination)
  • Violating Competitor’s Ad (action needed, cease and desist)

The default category would be: “Unknown Ad”

7.2 Action Needed Categories

If a new unknown ad is assigned to an actionable category, an incident is created. The advertiser has to assign the incident to an entity, which he needs to specify. He can select an entity from a list of previously created entities or create a new one. Entities could be a specific affiliate or a competitor.

The incident must also contain the keyword phrase(s) as key and date stamps for the first and last reported occurrence. Geo location information might be logged in addition to that (a flag indicating whether geo-targeting was used might be sufficient at the beginning).

The advertiser needs to specify whether the incident can be closed automatically by the system when the Ad disappears, or whether closing will be a manual step that the advertiser wants to perform by hand. Reoccurrences of the same incident while it is open are tracked and stored with the open incident.

If an incident was closed and the same Ad reappears again, a new incident is created, but with reference to prior incidents that are in status closed.

This makes it possible, for example, to see whether the same Ad is used for another forbidden keyword phrase or whether the Ad suddenly appears with geo-targeting filters in place after running nationwide before.
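The Ad identity rule from section 6 and the incident life cycle from section 7.2, as an added Python sketch that is not code from the original post. The class, method, field and category names, the whitespace normalisation, and the idea of closing incidents after a complete round of checks are assumptions; the sample Ad and sightings are constructed.

```python
import hashlib
from dataclasses import dataclass, field

KEY_FIELDS = ("title", "description", "display_url", "destination_url", "final_url")
ACTIONABLE = {"unapproved_affiliate", "violating_competitor"}  # assumed category names

def ad_key(ad):
    """Identity of an Ad: the five content fields only, whitespace-normalised; no log data."""
    parts = [" ".join((ad.get(f) or "").split()) for f in KEY_FIELDS]
    return hashlib.sha256("\x1f".join(parts).encode("utf-8")).hexdigest()

@dataclass
class Incident:
    id: int
    key: str
    entity: str
    auto_close: bool
    first_seen: str
    last_seen: str = ""
    keywords: set = field(default_factory=set)
    geo_targeted: bool = False
    prior: list = field(default_factory=list)  # ids of closed incidents for the same Ad
    status: str = "open"

class Monitor:
    def __init__(self):
        self.ads, self.incidents = {}, []  # ads: key -> category, entity, logged sightings

    def _record(self, key, log):  # add a sighting to the open incident, or open a new one
        rec = self.ads[key]
        inc = next((i for i in self.incidents if i.key == key and i.status == "open"), None)
        if inc is None:
            prior = [i.id for i in self.incidents if i.key == key]  # all closed at this point
            inc = Incident(len(self.incidents) + 1, key, rec["entity"], rec["auto_close"],
                           log["checked_at"], prior=prior)
            self.incidents.append(inc)
        inc.last_seen = log["checked_at"]
        inc.keywords.add(log["keyword"])
        inc.geo_targeted = inc.geo_targeted or log.get("geo_targeted", False)

    def observe(self, ad, log):  # returns True only when a "New Ad" alert is due
        key = ad_key(ad)
        is_new = key not in self.ads
        rec = self.ads.setdefault(key, {"category": "unknown", "entity": None,
                                        "auto_close": True, "sightings": []})
        rec["sightings"].append(log)
        if rec["category"] in ACTIONABLE:
            self._record(key, log)
        return is_new

    def categorize(self, key, category, entity=None, auto_close=True):  # advertiser's decision
        self.ads[key].update(category=category, entity=entity, auto_close=auto_close)
        if category in ACTIONABLE and not any(i.key == key for i in self.incidents):
            for log in self.ads[key]["sightings"]:  # incident starts at the first sighting
                self._record(key, log)

    def end_of_round(self, seen_keys):  # close auto-close incidents whose Ad has disappeared
        gone = [i for i in self.incidents
                if i.status == "open" and i.auto_close and i.key not in seen_keys]
        for inc in gone:
            inc.status = "closed"
        return [i.id for i in gone]

def demo():  # constructed sample: Ad seen twice, flagged, gone, then back with geo-targeting
    ad = {"title": "Acme  Widgets", "description": "Save 20%", "display_url": "acme.example",
          "destination_url": "https://trk.example/c?a=1", "final_url": "https://acme.example/"}
    m = Monitor()
    see = lambda kw, at, **extra: m.observe(ad, dict(keyword=kw, checked_at=at, **extra))
    alerts = [see("acme", "2008-06-01T03:10", proxy="us-east", position=1),
              see("acme widgets", "2008-06-02T14:45", proxy="us-west", position=3)]
    m.categorize(ad_key(ad), "unapproved_affiliate", entity="affiliate-123")
    closed = m.end_of_round(seen_keys=set())
    alerts.append(see("acme coupons", "2008-06-09T22:05", proxy="eu-west", geo_targeted=True))
    return alerts, closed, m.incidents
```

Because keyword, position, proxy and time stay out of the key, the second sighting raises no new alert, while the reappearance after closure opens a second incident that points back to the first and carries the geo-targeting flag.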

8. Logging

All check results should be logged so that additional functionality can be provided in the future. For each check, log the advertiser, the keyword phrase, the search provider, the date/time of the check and the proxy that was used, and store all the ads that were found during the check.

Development Notes

  • The database will grow, so archiving is a functionality that will be needed early on.
  • The development of the features can be phased.

Special Development Skills Needed

  • Experience with pulling web page results via HTTP?
  • Experience with using proxies to make those requests?
  • Experience with parsing SERPS, organic and/or paid search results?
  • Know the structure and format of Paid Search Ads to extract information like “who is the advertiser?” or “What is the landing page URL of the Ad?”

Pricing Notes

The pricing options should also vary depending on the needs. Pricing will depend on the number of terms to monitor, search providers to cover (1st tier only, 2nd tier only, both), number of geo locations from where to check and frequency of checks.

The most basic package, which will be sufficient to get started and get the hang of things, should be priced below $20 per month and include up to 5 terms, monitoring of the 1st tier engines, 2 geo locations (east coast and west coast) and one check per day. The time of day of that check should be randomized so that checks happen at different times of day and cover every hour of the day within a period of one month.
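One way to build the once-a-day schedule that both the check-frequency feature and this basic package call for, as an added Python example that is not part of the original post. The function names and the 09:00 to 17:00 office-hours window are assumptions, and the start date is constructed.

```python
import secrets
from datetime import date, datetime, time, timedelta

def monthly_schedule(first_day, days=30, rng=None):
    """One check per day at an unpredictable time; every hour 0-23 is used within `days`."""
    if days < 24:
        raise ValueError("one check per day needs at least 24 days to cover every hour")
    # OS entropy by default, so there is no seed an affiliate could recover from past checks.
    rng = rng or secrets.SystemRandom()
    # Guarantee each hour once, fill the remaining days with random hours, then shuffle
    # so that the day on which a given hour is used is random as well.
    hours = list(range(24)) + [rng.randrange(24) for _ in range(days - 24)]
    rng.shuffle(hours)
    return [datetime.combine(first_day + timedelta(days=d),
                             time(h, rng.randrange(60), rng.randrange(60)))
            for d, h in enumerate(hours)]

def outside_office_hours(schedule, opens=9, closes=17):
    """Checks that run while a campaign paused only during office hours is live again."""
    return [t for t in schedule if not opens <= t.hour < closes]

def demo():
    start = date(2008, 6, 1)                        # constructed start date
    randomized = monthly_schedule(start)
    # For comparison: a fixed 10:00 check every day, which an office-hours pause defeats.
    fixed = [datetime.combine(start + timedelta(days=d), time(10)) for d in range(30)]
    return randomized, fixed

if __name__ == "__main__":
    randomized, fixed = demo()
    print("randomized checks outside office hours:", len(outside_office_hours(randomized)))
    print("fixed 10:00 checks outside office hours:", len(outside_office_hours(fixed)))
```

Since all 24 hours are used at least once, at least 16 of the 30 checks fall outside the assumed office-hours window, whereas the fixed daily check never does.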

Fees can then be increased depending on the needs of the advertiser. More terms to monitor, additional search providers, more geo locations, higher frequency of checks (multiple checks per day etc.)

Profitability

Getting it up to making a couple hundred dollars each in profits is not very hard (and pessimistic). I would consider $1,000 grand per month in profit for each of us, without the need to spend any time on it other than making sure that the hired services (hosting etc.) do their job and on feedback from users to get new ideas for how to improve and/or expand it.

Everything beyond that is added bonus and would depend on how serious we proceed on that avenue.

Current Market and Marketing Strategy

Initial marketing cost could be kept low to almost nothing and include the use of blogging, posting in forums (where possible and/or applicable) etc. to get the word out, letting people know what you do and how much it costs. Those methods rely on a viral effect to be effective in getting more business.

I would suggest providing free access to a handful of people who are influencers, have a voice and like to try things out, if they believe that it will help them and their peers do a better job with stuff they already do today (or at least should do), but very inefficiently and inadequately. This would increase the likelihood of success for a marketing campaign that relies heavily on word-of-mouth promotion of the service.

Businesses talk about these things to a larger degree than about other subjects, because talking about this subject does not give anybody a significant competitive advantage over a competitor. There is nothing here that would keep someone from talking about the subject and sharing useful information and tips in the hope that the competition finds out about them as late as possible. That is the reason why viral marketing might have a good chance to work well and help with some significant business growth initially.

Large companies are not the target, because they get or can get what we provide indirectly (to some extent) from services that are much more expensive, and which they probably already use for other purposes. You can use other services to do what I suggest, but

  1. A small team of partners or even an individual can do it a lot cheaper and
  2. Do it optimized to a larger degree to serve this small niche that is probably too small for many of the large players out there.

The other services are designed for other purposes, thus not competition really.

The high price tag of those services puts them out of reach for a large number of businesses who would only be able to leverage a fraction of the features those services offer and never be able to get the returns needed to justify the cost for them.

Players that I am referring to include services like:

To a limited degree services like:

Other Trademark Monitoring Services include:

Beyond the Basics / Cost and Compensation

After that, it depends on how hard you push it.

Press releases, paid search, old media advertising, display ads, sponsorships and all that can all be done and will help to increase the business, but will be completely up to you, if you want to do any or none of those and how much you want to spend on it.

My suggestion is that the first revenue be used to pay for your time and any outsourcing you are doing to cover the basic needs. After that, do not pay out the profits right away, but accumulate money that will be used for future expansion, including outsourcing of development, marketing and that sort of thing.

After that money could be paid-out to be used for other purposes and new projects, but I would still recommend having some money going to a general pool every month and use it for expanding the business. If you think that some of the initial development can or should be outsourced, make sure that you have money available up-front to cover this.

The first profits could then be used to pay back your initial investment.

Another option is that yours or your potential partner’s development time will not be paid in cash up-front and considered yours or your partner’s investment into the project and you or your partner would have to put the same amount into the project in cash, which then would become the money for marketing and expansion etc.

It is important for any fair partnership that both parties have the same share of investments and risks in this project to prevent any unfair imbalance. Some work like maintenance, administration etc. can probably not be outsourced, at least not at the beginning.

While it may not cost anything, it still takes time to do it. You or your partner might end up working more on this than the other partner. That is why compensation for this time should become part of the partner agreement and be considered the equivalent of a cash investment right from the start.

Everybody getting the same piece of the pie, no matter if you/he contributed 0 or 100 hours each month to the project, is not right. I would suggest that you do not make that mistake.

How long will it take?

Depending on the existing routines (code) and knowledge that you, and maybe also your partner, already have: a few days to a few weeks for the core, then some time for the user interface and usability features, which you can do yourself or outsource. The standard stuff, such as user signup, account management, recurring billing etc., is a very good candidate for outsourcing or for the use of an out-of-the-box solution.

The audience who is targeted is more Internet- and tech savvy than the average user and could be considered power users. They can be as demanding as they can be forgiving. You have to keep the mix of price, features, support and service just right to keep them happy and turn them into evangelists of the service.

Well, it can take months or years, if you don’t work on it as I did. So go and run with it, now!

Cheers!

Carsten Cumbrowski

Cumbrowski.com – the Internet Marketing Resources Portal – a project that I actually did start, and which made some progress over the years, enough to take it a bit more seriously than when I started it in 2006 :) .

Update Note! I looked over the post once more and thought that I should add the following:

I do not think that the market for this service is huge. It certainly does not have the potential to become the next multi-billion dollar company; I even think that a multi-million dollar business is not very realistic.
It is a very small niche, but it can be served and be profitable at the same time.

The approach is scalable to reduce the need for a large up-front investment of time and resources in the hope to get that investment back one day and then some. You can start small and grow while revenue and profits grow at the same time.

Furthermore, your customers will be a very specific kind of customer with many other (related) needs that will grow and multiply in the years to come with almost absolute certainty. It will only get harder to do the job of managing and watching over an affiliate program. The industry as a whole is growing too. You can have your finger on the pulse of your customers and the opportunity to create plenty of spin-off business from them.

Today a watch-tool to detect rogue PPC affiliates and tomorrow some other tool that takes affiliate managers a lot of time to do by hand over and over again.

Considering those facts, things look actually much better overall. I think those facts are actually important and not just pure wishful thinking and a fantasy of nice dreams.

See the rest here:
Paid Search Monitoring Project Concept – Run with it!


I previously reported on a big win ($230 million) MySpace got on Sanford “Spamford” Wallace, and today comes news that Scott Richter and his company, Media Breakaway, must pay MySpace $4.8 million in damages and $1.2 million in attorney’s fees for sending unsolicited advertisements to MySpace members.

It’s interesting that the headlines for this have ranged from Adotas’ mild “Arbitrator Ends Media Breakaway, MySpace Dispute” to Wired’s harsher “MySpace wins another verdict against alleged spammer.” I saw the first headline and read the story, and when I saw the second headline I assumed it was a different case. Not that $6 million is chump change, but a judgment that is reduced from somewhere in the neighborhood of $100 million in damages to $4.8 million is noteworthy and, to me, a big hit for MySpace and their claims.

Read more from the original source:
MySpace Wins a Small One


The Federal Trade Commission (FTC) made a revision to the original Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (called CAN-SPAM or the Act) after three years considering public comments.

The Commission received 152 comments and suggestions on the NPRM and 13,517 comments and suggestions on the ANPR from representatives of a broad spectrum of the online commerce industry, trade associations, individual consumers, and consumer and privacy advocates. The Commission vote to approve the Federal Register Notice was 4-0.

I decided to post about this update because I like to point to the CAN-SPAM Act as a good example of what you get as an industry if you are unable to regulate yourself and specify any form of best practices to distinguish yourself from unethical spammers. The Direct Marketing Association (DMA) was able to get some changes through before the final release of the act, but those could best be described as damage control. The DMA was not involved when the act was originally developed. As you can see, the FTC was much more open to feedback and comments this time (I assume that one reason for that was the fact that the Act did nothing to reduce spam, but caused an outcry from legitimate advertisers instead).

If you are not familiar with the original CAN-SPAM act, here is a link to the document in PDF format at the FTC website.

The 4 points that were added to the original act address some of the practical issues that resulted from the original act, but none of them will have any impact on reducing the SPAM problem itself. If you hoped that you will receive less spam anytime soon, then you will be disappointed.

The FTC News release from May 12, 2008 summarizes the changes as follows:

  1. an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender;
  2. the definition of “sender” was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Act’s opt-out requirements;
  3. a “sender” of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Act’s requirement that a commercial e-mail display a “valid physical postal address” and
  4. a definition of the term “person” was added to clarify that CAN-SPAM’s obligations are not limited to natural persons

The full text of the Federal Register Notice can be found here (PDF).

MarketingSherpa released a short audio podcast with their Senior Reporter Chris Heine discussing the revision with Jeff Mills of eROI. On May 13, 2008, Kenneth Corbin published an article titled “FTC Tightens Up CAN-SPAM Rules” at InternetNews.com, which includes comments by Matt Wise of Q Interactive and Janis Kestenbaum, a staff attorney with the FTC’s Bureau of Consumer Protection.

Matt Wise said:

“Under the new rules, multiple advertisers collaborating on an e-mail campaign will have the opportunity to designate one as the sender, which will be required to identify itself in the “from” line.

The e-mails must contain a mechanism for a user to opt out of receiving future messages, which the designated sender will then be responsible for processing.”

Wise added

“that he hopes the new rules for multi-brand messages will streamline the unsubscribe process, with marketing companies such as his own taking on the responsibilities for maintaining opt-out lists.”

Janis Kestenbaum said

“Also under the new rules, advertisers will be able to satisfy the requirement for including a postal address with a P.O. box or a private address. Previously, they had to include a corporate street address in their messages.”

The update will also include language to simplify the requirements of an opt-out process. Marketers will not be able to require consumers to pay a fee or furnish any data other than an e-mail address to process an opt-out request.

Jeff Mills expressed some concerns that this might create a problem for advertisers who require their customers to log in to their account to update their email preferences. I don’t think that there is too much reason for concern, based on the comments of Janis Kestenbaum, who said that the main impetus behind that update was to prevent companies from using consumers’ requests to opt out as a springboard to extort more information about them. Similarly, marketers will not be able to require consumers to visit more than one Web site to process an opt-out request, she said.

If the customer has an online account with an advertiser already, then I believe that those advertisers need to provide the means for the customer to simply opt-out by entering his email address into a form or something like that. This form could be used by pranksters to opt-out friends, colleagues or other people where the prankster knows the email address and assumes that the person is a subscriber to a specific newsletter. The owner of the email address would become pretty upset, if he suddenly does not get his email newsletter anymore. If I should be wrong, I strongly recommend that advertisers put something into their FAQ saying that they cannot control who is opting out who because of the new legal requirements by the FTC.

On a side note, the FTC left the deadline for complying with an opt-out request unchanged at 10 days.
The new rules will take effect 45 days after the FTC publishes the update in the Federal Register.

Here is a list with some additional legal resources that are relevant for internet marketers.

Cheers!
Carsten Cumbrowski

Read the original:
After Three Years: FTC Approves Revision to CAN-SPAM Act from 2003


MySpace just won a $230 million judgment against Spamford Wallace and his partner Walter Rines for violations of CAN-SPAM and California anti-phishing laws, plus attorney fees. Ole Spamford was proud to be the Spam King and I’m sure he’ll find a way to show off now that he holds the record for the largest award ever in a spam related case.

MySpace won when Wallace and Rines failed to show, which means that there will be some kind of appeal, dragging this out further. The pair was accused of using their own as well as others’ phished accounts to send 730,000 messages promoting ring tones and other money making schemes. CAN-SPAM authorized $100 per violation, which is trebled when the messages are sent “willfully and knowingly.” 730K messages at $300 each is $219 million, so I think the real number is actually 736,000 messages based on the actual award in the article.

What is most interesting to me was the short snippet at the very end of the article: “MySpace has another anti-spam case pending against a high-profile defendant, Scott Richter, who it claims gained access to MySpace profiles using stolen passwords and then sent spam bulletins from those accounts.”

View original post here:
MySpace Wins a Big One, Is Scott Richter the Next Target?
