This website uses cookies. By continuing to browse this website, you accept our use of cookies and our Cookie Policy. Close

Francisco Partners to Acquire Forcepoint from Raytheon Technologies.

Miércoles, Feb 01, 2012

Buyers beware—of Olympic scams

Share

Ran Mosessco Principal Security Researcher

Shady ticket deals for the 2012 London Olympics? Hardly surprising. But when the source is Google's famous AdWords advertising service—one of the internet giant's main sources of income—then a double take might be in order.

BBC investigation found that a Google search for "olympic tickets" resulted in top-of-the-page placement of sponsored sites for vendors selling tickets without permission from Olympic authorities, which is a criminal offense in the U.K. under the London Olympic Games and Paralympic Games Act 2006. 

Our research confirmed that the Google search shown below displays an AdWords link 

 

that is not authorized to sell Olympic tickets according to the ticketing website checker on the official London Olympics website. 

 

The prominent display of sponsored ads tends to confer on them a sense of legitimacy. Users may assume that Google has approved the businesses, or at least stands behind them in some way. But in response to a complaint from a would-be Olympic ticket purchaser, Google said, "While Google AdWords provides a platform for companies to advertise their services, we are not responsible for, nor are we able to monitor the actions of each company." 

The inner workings of AdWords are complex and opaque. These qualities are essential, because if Google revealed its algorithms, for example, people could easily cheat their way to the top.  While the automated system does take into account something called "Quality Score" and consumer ratings, it's clearly not foolproof. A filtering system flags certain keywords for manual review and removal if the ad is found to violate Google's policies, and users can also fill out an online complaint form. Due to the volume of ads, however, a questionable ad may be up for some time before it is reviewed. 

Websense® researchers investigated some of  the Olympic ticket scam sites. We found that most of them had multiple backlinks, suggesting they have been widely spammed over the internet in addition to being promoted via Google AdWords. A "backlink" is a hyperlink that links to a specific web page. Both legitimate web pages and spam URLs often try to set up as many backlinks as possible to drive traffic to their sites, and the number of backlinks a site has may affect its ranking in search engine results. Like the hyperlnks in this post, links can be used to provide additional context, information, or examples. 

An examination of these backlinks confirmed that "birds of a [bad] feather flock together." One URL yielded 500 backlinking URLs in categories such as Adult Material, Gambling, Proxy Avoidance, Potentially Unwanted Software, Suspicious Embedded Links, and Malicious Embedded Links. 

A set of 375 backlinks for another URL found that 104 (27.73%) included various kinds of objectionable content, including security risks (the remaining URLs either had no backlinks or had backlinks for legitimate sites such as News and Media, Business and Economy, and so on).  The breakdown for objectionable/security risk backlinks was as follows: 

 

A closer look at just one of the backlinks tells us a lot about the dangers of allowing comments that are not moderated to be added to any site. In this case, a perfectly legitimate website for a church posted a video of a Sunday School Christmas play and invited viewers to comment:

 

Viewers and spammers did exactly that, adding links not only to the Olympic ticket scam we started with, but also to a variety of other completely unrelated businesses which may or may not be legitimate, including German gambling and phone sex sites and an Italian "escort" agency:

 

Defensio from Websense is one way to prevent spammers from posting such links on blogs and other social media, including Facebook pages. With this service, it's easy to block and manage comments, protecting you and your followers from comment spam, malware, and other threats embedded in user-generated content. 

With Google searches as with everything else, do your own "due diligence" before making a transaction, even if the business is at the top of the page. In the case of London Olympics tickets, the official website includes the handy ticketing website checker that we used to determine if a URL is recognized as an authorized vendor. There's also a page about staying safe online, which includes a long list of known scams that will only get longer as the July 27 opening day approaches.

 

Websense customers are protected from these threats by ACETM, our Advanced Classification Engine.

Tags Google

About the Author

RM

Ran Mosessco

Principal Security Researcher