McAfee SiteAdvisor Blog

Is your typing absolutely perfect? Of course not. It's easy for anyone to enter gogle for google, or tahoo for yahoo. Many of these misspellings are totally harmless. Tahoo is a green rated Japanese site. Anyone who visits it by accident quickly notices their mistake and heads for Yahoo instead.

But that's not always the case. As with so many other Web safety mistakes people make, there are people out there waiting to take advantage. One of the most common scams is called typosquatting - the act of buying up common misspellings and waiting for people, and profit, to stumble in. When someone arrives at the page by accident, the squatter typically shows them ads, hoping to make a few cents if someone clicks on one. As more people click on on the ads, those cents add up. It doesn't take a lot of traffic to make a profit. According to an analysis by Microsoft a parked domain needs only one unique visitor every two days to cover its basic costs.

Because typosquatters are sites people usually want to avoid, and because they sometimes bring users to even less savory locations or show pornographic ads, SiteAdvisor recently started rating them yellow. We wanted to share a few interesting finds.

One domain site that's attracted a lot of typosquatters is the mortgage site LendingTree. In fact, we found 77 misspellings designed to cash in on LendingTree's popularity. There's big money to be made in mortgage referrals, so it's not surprising that there are a lot of people seeking to cash in, ethically or not. Let's start with lewndingtree.com, a rather typical typosquatter: it's just a placeholder page full of mortgage and home-finance related advertisements. For some people, that's mildly annoying, but it's not too difficult to notice and head back the other way. However, some fraction of lendingtree.com searchers will click on one of these sponsored links which in turn will pay the owner of "lewndingtree" a fee. Since they don't fill the screen with popups or try to compromise a visitor's computer, we count them as merely annoying.

A typosquatting web page with advertisements.

Another common variation is redirecting users to the site they meant to go to, but charging the destination for the service. In this case, the consumer doesn't suffer, but LendingTree does, because it pays the parasite for the traffic. For example, "lsndingtree.com" redirects to a LendingTree page with affiliate-tracking in the URL. In other words, they're billing LendingTree for a new customer referral as though they had made a recommendation the user actually considered-- while that user was already going to the site anyway!

Other redirects include lenndingtree.com, which immediately sent us to a site advertising a very expensive exercise contraption, and le.ndingtree.com, which seemed to be full of ads for different kinds of tree-related advice and services. It just seems totally bizarre to serve these kinds of off-topic ads when you know your victims want to hear about mortgages. Perhaps it didn't make sense to the typosquatters, either: the first site disappeared some time last week.

We were redirected to this page from another typosquatter.

Of course, that doesn't mean that every typo is an invitation to trouble. For example, Google owns gogle.com, which redirects visitors to the main Google page without a word. Still, no matter how many misspellings they do buy, legitimate Web sites can't get all the variations on their names, and there are plenty of targets: the owner of "lsndingtree.com" also owns a similar site, "hritishairways.com," aimed at poaching traffic from British Airways.

In the future, we'll look at other aspects of typosquatting from the economics of typosquatting to the science of picking which misspellings will get the most traffic. In the mean time, be extra careful typing the URL for financial services sites.

Permalink | Comments (1) | TrackBacks (0)

Stop, Identity Thief!

We’ve all seen the bad guys take advantage of the allure of “free” products on the Web. From “free iPods”, to “free downloads”, the Web is full of deceptive come-on’s. Even the government is susceptible. A well-intentioned law to help consumers understand their credit history is in danger of being overwhelmed by scammers.

In 2003, the United States passed the Fair Credit Reporting Act (FCRA), making it easier for consumers to keep tabs on their credit histories. The FCRA requires the three major nationwide consumer reporting companies (Experian, TransUnion, and Equifax) to provide a free credit report, once a year, to anyone who asks.

Credit histories are snapshots in time. By contrast, credit monitoring alerts a consumer of credit changes in near-real time. Government experts say that credit monitoring is one of the best ways to defeat an initially-successful identity theft. It’s an early warning system. Sadly, 85% of the 9+ million people who become victims of identity theft don’t find out they’ve been victimized until they apply for credit. By then, the damage is done: Recovering from a successful theft of one’s identity reportedly can take hundreds of hours.

The FCRA required the three credit reporting agencies to create www.annualcreditreport.com, the only official site where consumers can request a truly free credit report with no strings attached.

We discovered sketchy behavior at a few of the sites that offer "free" credit reports. These sites don't acknowledge truly free credit reports at annualcreditreport.com and automatically bill users if they don't cancel trial memberships.

Imposters

Google “free credit report” and http://www.annualcreditreport.com is the top organic, non-sponsored link. It’s humble. Nothing in the headline about being “free” or official. But it's surrounded by a sea of advertisers who are much less modest.

The official free credit report site is overwhelmed by other, more sensational Web sites.

creditreport.com
http://www.siteadvisor.com/sites/creditreport.com

We estimate that consumers make approximately 1,270,000 million searches every month for “free credit report” and similar terms (based on Yahoo’s 28.8% search market share in July 2006 and 365417 related searches logged by their inventory tool). Creditreport.com is a frequent advertiser for these keywords. The site promises users a free credit report and credit score if the user fills out what appears to be a short registration form. Scroll down below the fold and you’ll find a disclaimer in tiny print.

By ordering a free credit report, you will automatically be enrolled in a 30 day free trial of credit monitoring. You will receive instant notifications of changes to your credit report. You will be billed $9.95 for each month that you continue your membership if you do not cancel your membership within the 30 day trial period.

This is precisely the kind of tactic the FTC warns about:

Other websites that claim to offer “free credit reports,” “free credit scores,” or “free credit monitoring” are not part of the legally mandated free annual credit report program. In some cases, the “free” product comes with strings attached. For example, some sites sign you up for a supposedly “free” service that converts to one you have to pay for after a trial period. If you don’t cancel during the trial period, you may be unwittingly agreeing to let the company start charging fees to your credit card.

freecreditreportsinstantly.com
http://www.siteadvisor.com/sites/freecreditreportinstantly.com

This sign up results in automatic enrollment in a free trial membership for credit monitoring. After the seven day trial, consumers are charged $19.95 every month.

thefreecreditreportsource.com
http://www.siteadvisor.com/sites/thefreecreditreportsource.com

This site claims to give a 30 day trial before they start charging a consumer’s credit card $9.95 per month, a fact disclosed in fine print, at the bottom of a screen, two clicks and one entire top level domain removed.

thefreecreditreportsource.com redirects users to creditreport.com. The order page does not mention any specific fees.

Fees are disclosed in tiny print two screens and one Web site prior to sign up.

On Alert

Some sites count on quick typing, or quick clicking, to get users to their pages. annualcreditreport1.com offers a prominent disclaimer that it is not the official site, but you can bet that plenty of users click through to their advertised offers to make them money.

Some free credit report sites have awkward URLs to take advantage of address bar typos.

The FTC sued an individual “free credit report” Web site, Consumerinfo.com, Inc. The defendant was found liable of deceptive marketing and forced to surrender nearly one million U.S. dollars. The settlement requires Consumerinfo.com, Inc. to “pay redress to deceived consumers, bars deceptive and misleading claims about “free offers”, requires disclosure of terms and conditions of any “free” offers, and requires the defendant to give up $950,000 in ill-gotten gains”. We applaud the government’s action, but there's a glut of scammy Web sites pushing similar scams that are still unchallenged.

Take Action Now

Spyware researcher and SiteAdvisor Advisor Ben Edelman recently critiqued the use of “free” offers in Google Adwords, noting how often the offers violate Federal Trade Commission rules and Google’s own guidelines. Sadly, a well-intentioned law like the one establishing annualcreditreport.com is at risk of being overwhelmed by unscrupulous advertisers who profit from consumer ignorance.

As a modus operandi for avoiding online scams, we recommend caution whenever clicking on an advertisement that promises a service or product for “FREE*!” And as part of a comprehensive plan to help prevent or limit the effects of identity theft, use annualcreditreport.com.

Permalink | Comments (4) | TrackBacks (0)

Misleading Work-At-Home Web Sites Better Left Unclicked

Ever wish you could work from home in your pajamas? Say goodbye to cubicles, commuter traffic, deadlines, and corporate politics? Well, according to numerous Web sites promoting home-based work opportunities, earning an extraordinary income from the comforts of your living room could be just a mouse-click away.

Onlinejobcorps.com claims big income potential from its work at home program.

Unfortunately, these money-making propositions are often extremely deceptive. As the FTC warns, many work-at-home Web sites make exaggerated claims of potential earnings, provide misleading job descriptions and charge users for products or information before explaining what the work entails.

When we searched the Web for work-at-home opportunities, we found 65 sites with misleading offers. We've rated these sites yellow to warn users to be skeptical of advertising claims on these sites.

What They Say

Dataentrybank.com promises substantial earnings.

Work-at-home scam sites lure consumers by promising rapid wealth, leisurely lifestyles, and relief from common job frustrations. These sites use emotional language about the hardships of financial distress and the toil of the daily office grind followed by aggressive claims about the income that can be expected from their opportunities or strategies. Type-at-Home.com claims that users can make $25-50 per hour with no experience necessary. MyDataJob.com claims that a mere 30 minutes of work per day can generate daily income in excess of $3000. Very enticing -- but also extremely exaggerated and unrealistic.

What They Mean

In sharp contrast to claims of guaranteed wealth, the fine print found in sites' "Earnings Disclaimers" explains that many people will not make money from these work-at-home opportunities. The disclaimer on ultimatewealthpackage.com notes that earnings claims presented on the site "should not be considered 'typical'" and "any testimonials and examples used are exceptional results, which do not apply to the average purchaser." There is no indication of what percentage of users has made the advertised "$1,000 to $30,000 per week in residual income" and what percentage has made absolutely nothing. Claims on these sites imply that everyone will easily make a fast fortune, but the probability of earning income may be extremely slim.

How To Lose Money

Dataentrypro.com charges $49.99 for its "Data Entry Profit System."

Rather than make users rich, these sites can actually add to users' financial problems. Scammy work-at-home opportunities typically require an initial monetary investment of $20-$100 for information, materials, program enrollment, or products. Many users may not even recoup their initial investments.

The $49.95 Pyramid

"Data entry" programs, such as Dataentrybank.com, are common work-at-home scams.

One common scam claims to offer extremely lucrative home data entry or typing opportunities. Dataentrybank.com claims that for a fee of $49.95, users will be able to earn over $1000 per day just by typing short ads. Their claims are misleading for many reasons.

Dataentrybank.com fails to provide a reasonable statement of tasks until users pay Dataentrybank.com's fee. Users have to pay the fee before they learn what the fee gets them – a design that's unsavory at best.

We're also concerned about the strategy Dataentrybank.com provides to users. Dataentrybank.com's materials show a troubling similarity to pyramid schemes. Dataentrybank.com provides instructions on how to become an affiliate for companies that pay referral commissions for driving online sales through sponsored ads. But Dataentrybank.com's tutorial simply shows how to become an affiliate of Dataentrybank.com itself. Having paid Dataentrybank.com its fee, what is an affiliate trained to do? Recruit others to Dataentrybank.com! But this kind of cycle is exactly a pyramid scheme. (See FTC definition: "Pyramid schemes … all share one overriding characteristic: … profits based primarily on recruiting others to join their program, not based on profits from any real investment or real sale of goods to the public.")

It's true that it's possible to become an affiliate of ecommerce sites and then potentially earn reasonable commissions. But becoming an affiliate just requires filling out a web application form. Applicants need not pay an intermediary like Dataentrybank.com $50 for the privilege. In fact, most of the information Dataentrybank.com charges for are accessible for free. The site's advertisement claims to set you up with a ClickBank account, which collects your earned commission. But all Dataentrybank.com does is provide a link to ClickBank.com's free account sign-up page -- which is itself an affiliate link whereby ClickBank pays Dataentrybank.com for each referral. The site also claims to give you "access" to a list of companies offering affiliate programs, but once again, it merely links to ClickBank's freely accessible directory. There are also many other free lists of affiliate programs available online (Refer-it.com's list includes well-known companies like Amazon and BestBuy, which are not found on ClickBank.com).

Dataentrybank.com's earnings claims are not true representations of the expected income of average users. They are anecdotal at best, perhaps representing the maximum amount an affiliate marketer once made in the past. Making money as an affiliate is time consuming, hard work that requires a strong understand of Internet marketing, pay per click advertising, and consumer psychology. It's hardly the cakewalk Dataentrybank.com suggests.

Paid Surveys: Our 2 Cents Worth

Surveyscout.com charges for paid survery information which is available elsewhere for free.

Another popular scheme involves charging users to participate in paid survey opportunities which, in fact, are accessible for free. For example, Surveyscout.com charges a $69.95 membership fee for a list of companies that offer paid surveys. But users do not need to enroll in a Surveyscout.com membership or pay any fees at all to sign up for these surveys. Anyone can make a request for consideration directly to the companies offering surveys. There are also many sites which provide lists of companies free of charge. Technicaljobsearch.com and freefromscams.com, for example, provide lengthy lists of market research companies that offer incentive-paid surveys. (These lists include such well-known companies as Nielsen NetRatings, Harris Interactive, and Ipsos. ) There is no need to pay for access to surveys, and users that do fork over the enrollment fee are no more assured of earning any money than those who don't.

Scammy survey sites also exaggerate how much money users can earn from these surveys. For each survey, survey companies screen users for target demographics, so users will only receive a survey invitation if they qualify. Compensation is therefore limited by the number of invitations a user receives. Most survey companies offer compensation in the form of sweepstakes or reward points that can be redeemed for merchandise. Cash rewards are often very small. (Common Knowledge Research Connections offers $1-5 per survey.). Therefore it is highly unlikely that anyone will earn thousands of dollars per month completing surveys – despite suggestions to the contrary as suggested on getpaidtosurveys.com.

We'll Tell You Later

Elevenf.com makes big claims but does not provide a detailed job description.

Poor disclosure and lack of information are common themes amongst work-at-home sites. Consumers are therefore likely to end up making uninformed purchase decisions based purely on blind faith – hoping that the benefits of the a program will significantly outweigh the costs. Weeklycashincome.com charges $97 for its "Personal Instant Cash Machine System" which it claims can generate $1000 per day. But the Weeklycashincome.com site never describes how the system works and what the user will have to do in order to make money. Elevenf.com breaks the money-making process of its "Mobile Cash E-System" into the following steps: "Site down at your computer. Check your emails. Return your emails. Check your income accounts online to see how much you made. Do three to five simple transactions." Not exactly a thorough job description.

Better Off Selling Lemonade

It would certainly be great to find a work-at-home opportunity that generated substantial income with minimal effort, but such claims are generally too good to be true - otherwise we'd all be multi-millionaires. We're concerned by work-at-home Web sites that may mislead consumers with false promises of wealth, only to make quick profits themselves. Job hunters should not have to pay to get for work, and at the very least, they should be given full job descriptions prior to making any purchases. Job hunters should be given realistic earnings expectations and be made aware of any risks involved. In addition, much of the information that these sites charge for is available elsewhere for free. Users who pay to enroll in programs may never actually receive any income and therefore may never recoup the amount of their initial investment. By rating these sites yellow, we aim to warn users before they jump on an opportunity that might not deliver as promised.

Tips on avoiding work-at-home scams:

Click here to view our list of 65 misleading work-at-home sites.

Permalink | Comments (4) | TrackBacks (0)

'Miracle Diet' Web Sites That Thin the Wallet, Not the Waist

Bikini season- it just might be the diet industry's favorite time of year. What better way to encourage dieting and weight loss, than the fear of exposing a less-than-perfect body in a skimpy swimsuit on a crowded beach? As the summer heats up and the clothes come off, there is a heightened desire to get in shape, drop pounds, and score a beach-ready bod. Unfortunately, scammy Web sites selling diet aids profit from the weight loss hype. These sites lure consumers with dubious promises of miraculous weight loss solutions and misleading "free" trial offers.

Whether or not some of these products are somehow effective for weight loss, we're skeptical of grandiose claims, and we are concerned by the opportunity for consumers to be misled by deceptive billing practices. We went looking for sites selling diet aids with misleading advertising, and we came up with 75 sites to flag as yellow – one third of first page results for a Hoodia pill search, for example. We'll focus on specific examples from each of these misleading practices.

Lose 97 lbs in just 1 minute!

You want to believe it. Just pop a pill and watch as the pounds melt off your body. Well, such promises are too good to be true. But that doesn't stop some unscrupulous vendors from making fantastic claims that are unrealistic and unsubstantiated.

Bioglobelabs.com aggressively describes its BetaSlim diet pills as "scientifically proven" fat absorbers that work for everyone and can help dieters lose 10 pounds of fat in a week and upwards of 100 pounds over time without altering food intake or exercise regime. The site attempts to legitimize its claims by asserting that the product is supported by years of scientific research and used to be available only by prescription. Despite these proud statements, the site provides no list of ingredients or analysis of their "in-depth" testing. Meanwhile, their claims oppose many "common sense" and time-proven principles of weight loss.

BetaSlim's questionable claims

One of the latest diet pill ingredients on the market is hoodia, a South African plant which purportedly reduces hunger. But according to mayoclinic.com, "there is no conclusive evidence that hoodia is an effective appetite suppressant." Nonetheless, venders of hoodia products tout it as the ultimate diet solution. Nitetrim.com describes its hoodia product as a "revolutionary breakthrough" that was formerly only available to celebrities and will allow you to "sleep the weight away."

The FTC warns users about bogus weight loss claims and advises users to approach these sites with skepticism. It even set up a fake diet supplement site to illustrate misleading advertising practices. This teaser site looks remarkably similar to many of the real sites we visited.

The FTC's teaser site illustrates misleading weight loss claims.

We're all #1?

Many diet supplement sites proclaim that their products are the absolute best or strongest. Hoodia45.com claims their pills are "stronger than any other hoodia product." Curbyourcravings.com boasts that it has "the most powerful hoodia patch on the market!" Bioglobelabs.com describes its product as the "strongest weight-loss formula in the world." We have to wonder if there is a credible basis for these comparative statements. They can't all be "strongest" and "most powerful."

Desertburn.com is one of many sites claiming to offer the #1 hoodia supplement.

I know you are, but what am I?

Many sites also make claims that while their products are "real" or "pure," consumers should beware of other sites selling products with fake ingredients and fake certificates of authenticity. Hoodia-dietpills.com claims that their pills are "the only true 100% pure Hoodia Gordonii pills in America," but mh57.com states that their product is "America's only pure Hoodia Gordonii weight loss supplement." Who to believe? How about none of them?

Almost famous

HoodiThin.com promotes its diet pills by referencing the popular news show 60 Minutes.

HoodiThin.com attempts to capitalize on press coverage of the hoodia plant. This strategy could mislead users into thinking that HoodiThin.com's products have been specifically featured by news reports. Referencing CBS's 60 Minutes gives an aura of credibility. But while 60 Minutes may have done a story on hoodia in general, it never mentioned the HoodiThin brand specifically. Moreover, 60 Minutes' story actually pointed out potential legal and safety issues with hoodia supplements. So while hoodithin.com seeks to benefit from the reputation of the popular news show, they may not actually want their customers to read the report.

A diet for your bank account

Yahoodia.com free sample offer

Hoodia sites often offer free samples to get users to try their products, but these free trials often end up costing consumers more than just a nominal shipping and handling fee. For example, by signing-up for a free 21 day sample of pills from yahoodia.com, users are also subscribing to receive a 60 day supply of pills every 50 days – for which they will be charged $69.95 plus $6.95 shipping and handling, for each shipment. The first 60 day supply will be sent out two weeks after you order your free sample, and auto-shipments will continue indefinitely (until the subscription is canceled). The details of the trial offer are disclosed at the bottom of the order page and could easily be missed. The payment page includes a disclaimer that the buyer has read the site's "business terms." But, there is no link to a Terms and Conditions Agreement, so even sophisticated buyers may not realize that there were terms to read. It's likely that some users will sign-up for the free trial and not realize the resulting monetary obligations until they see their credit card statements. Customers may not end up losing weight, but there's a good chance they will lose money.

Hoodiamiraclediet.com's free trial could have implications for both your wallet and your inbox.

Hoodiamiraclediet.com similarly offers a free 7 day trial that leads to auto-charged shipments every two months. But in addition to putting pressure on your bank account, signing-up for this offer could also weigh on your inbox. According to the site's privacy policy, providing an e-mail address to the site is a "request that [the site] share your personal information with third parties to receive marketing communications." After we submitted a unique e-mail to hoodiamiraclediet.com, we received 140 spammy e-mails per week.

Tightening the belt on sketchy sites

According to the National Center for Health Statistics, roughly 66% of US adults are obese or overweight. In a country where weight concerns stem from both a growing obesity epidemic and the societal pressure to look good, there's no shortage of demand for diet aids. In fact, the diet industry is booming: consumers spend over $30 billion per year on diet and fitness products. So it's no surprise that scammers want to earn a piece of the profits.

The Web is often the first place people turn to look for diet and weight loss tips: according to Yahoo's keyword selector tool Yahoo had roughly 5.4 million searches in May for "diet," "weight loss," "hoodia" and related search terms. Given that Yahoo accounts for 23% of all searches, an estimated 23.5 million total searches for diet related terms are conducted each month. Finding unbiased reliable health information online, however, is not always so easy. Consumers run a high risk of being misinformed about weight loss issues and misled into wasting money on sites with questionable products and business practices. Therefore we've rated these sites yellow to urge users to be cautious when visiting these sites.

Where to find trustworthy weight loss and diet information:
FDA: How to Lose and Manage Weight
MedlinePlus: Weight Control
FTC: Finding a Weight Loss Program that Works for You
FTC: Diet and Fitness
Mayo Clinic: Weight-loss pills: What can diet aids do for you?

Permalink | Comments (4) | TrackBacks (0)

In February we blogged about some misleading Green Card Lottery sites that charge to “process” entries to the free US government Diversity Immigrant Visa Lottery program. Each year the US government conducts a lottery to issue 50,000 permanent resident visas, or “green cards”, to randomly selected qualified entrants. It is FREE to enter the Green Card Lottery through the US Department of State Web site, but numerous Web sites that are not affiliated with the US government charge applicants for entry submissions. Feedback from our readers confirmed our concern that many people may be confused about where to go to enter the Green Card Lottery, so we are revisiting the issue to highlight the key take-aways from our analysis of these sites.

We find these sites misleading for many reasons:

• Deceptive appearances make it less than obvious that these sites are not affiliated with the US government.
  
  
  
  • These sites have official-sounding domain names such as official-green-card.org, usimmigrationsupport.org and us-green-card-lottery.org.

  • The word “official” appears throughout these sites and in their descriptions within search engine results. The description for greencardforall.org reads, “The Official Green Card program Official Online registration.”

  • These sites mimic the appearance of the US Department of State Web site.

  • These sites display US icons such as eagles, American flags and government buildings in order to give the appearance of a government site.
  
  
  
  
  U.S. Department of State Web site                      Official-Green-Card Web site
  
  
• Aggressive marketing tactics attempt to scare applicants into using their services in order to prevent disqualification. There are strict guidelines that applicants need to follow, but the value of a Web site’s review of an applicant’s entry form is generally limited.

• The value of their services is unclear at best. It’s always helpful to have someone review an application for mistakes, but we doubt that these sites are the first place to turn. The State Department Web site provides detailed information about the program, application requirements, and the locations of US embassies and consulates. Applicants may be concerned about the digital photo requirements, but there are other ways to get assistance. For example, the New York Public Library will help applicants take, adjust, and scan pictures.

• Many applicants may be unaware that the Green Card Lottery is free and will end up paying a fee under the assumption that this is the standard entry procedure.

• These sites dominate the search engine results for such search terms as “green card lottery.” Twelve out of 20 first page Google search results (including 7 out of the first 11 ads) for the phrase “green card lottery” linked to these misleading sites. Using a search engine to look for information about the program could easily take applicants to a misleading site.
  

A Google search for "green card lottery" returns many misleading sites.

The bottom line: It is free to enter the Green Card Lottery through the US Department of State Web site. Government Web sites are the best source for the most accurate and up-to-date information about the lottery program. There’s little reason to pay third parties to enter the lottery. We do not recommend using a non-governmental Web site that employs misleading or overly aggressive sales tactics to submit Green Card Lottery entries.

Where to find information:

U.S. Department of State
unitedstatesvisas.gov
U.S. Citizenship and Immigration Services

Consumer Warnings:

U.S. Department of State Warning
FTC Warning
Better Business Bureau Warning
U.S. Citizenship and Immigration Services Warning

Ten Sites to Avoid (found in top Google search results):

• official-green-card.org
  
• usafis.org
  
• us-green-card-lottery.org
  
• green-card-america.org
  
• green-card-visa-usa.org
  
• usimmigrationsupport.org
  
• usagcls.com
  
• visapro.com
  
• green-card-lottery.org
  
• usa-green-card.com
  

Ten Tips for Green Card Lottery Applicants:

1. It is free to enter the Green Card Lottery at the U.S. Department of State Web site.
2. When searching online for information, look for sites that end in “.gov” to make sure you are visiting a government Web site. Government sites will have the most accurate and up-to-date information.
3. Web site appearances can be deceiving. Web sites that are not affiliated with the U.S. government may use images and descriptions that mimic government Web sites. They may claim to be “official,” even though they’re not.
4. Be careful when searching for information using a search engine. 60% of Google’s first page search results for “green card lottery” were links to misleading sites.
5. Lottery instructions are available in seven languages, and the unitedstatesvisas.gov Web site is available in six languages.
6. If you are seeking help with your application, first contact a government authority or legal expert, as opposed to a Web site that is not affiliated with the government nor of any legal expertise.
7. There are often local resources that can help you with your application and your digital photos (e.g. The New York Public Library).
8. Don’t be fooled by aggressive scare tactics about disqualification. There are strict guidelines that applicants need to follow, but the value of a Web site’s review of an applicant’s entry form is generally limited.
9. An applicant’s chances of winning the lottery are the same regardless of whether the applicant enters directly or through a service.
10. Don’t be lured by offers of free airline tickets to lottery winners. (We found many such offers to be highly misleading and subject to contingencies.)

Permalink | TrackBacks (0)

File Sharing Software Falls Victim to Clone Wars

eMule is a well regarded open source file sharing client that also happens to be adware and spyware free, and free of charge. At least, it’s free for those who can tell which eMule is the real McCoy.

Take a look at these two images:

Can you tell which one is the real thing? It took us a while, and we do this stuff for a living.

The real eMule is on the bottom, but it suffers from an ungainly URL: emule-project.net (SiteAdvisor Analysis: emule-project.net). The one of the top has a much better domain: eMule.org (SiteAdvisor Analysis: eMule.org). But eMule.org is actually a decoy, a pixel for pixel cut and paste copy of the real thing. Logo, color schemes, fonts -- it’s uncanny. The dot-org is the perfect touch, too. It makes the site feel more like a non-profit, more like an open-source software site. eMule.org even claims to be the "official” eMule site.

No matter where you click on the eMule.org decoy page, you’re sent to into the sales funnel. We decided to take the plunge.

You can imagine what came next. In short: After paying $27.80 for a lifetime subscription, we got a screen with links to popular (and free) file sharing programs like Limewire and iMesh. Click on their links, and get redirected to Download.com. What a business!

The funny thing is, eMule.org doesn’t even offer the real eMule client. We'll cover the site in more detail later, but the most important thing to know is that the decoy eMule’s business model is the same as FreedownloadHQ.com. (Like eMule, FDHQ charged us $37 for a link to download.com to get Firefox.)

68% Infected

11 out of the 19 results are red. 58%. Add in my-free-music.com, a "review” site that’s little more than a link farm to scams like red-rated mymusicinc.com and unlimitedsoftware2download.com (which leads to a high volume e-mailer called SuperbRewards.com), and the first page of results goes up to 68% red.

What this means is that unwitting consumers are playing Russian roulette with more than half of the chambers loaded.

Who Is eMule.org?

Hugo Liu, an advisor to SiteAdvisor and a doctoral candidate at MIT’s Media Lab, helped me trace the origins of eMule.org back to a server that shares its IP address with these other sites:

www.Chena.com
www.Domain-names-webhost.com
www.Filesharingcash.com
www.Legal-mp3-download.com
www.Mesothelioma-websites.com
www.Archivoscompartidos.com
www.Mariasearch.com

WHOIS data show that some of these sites are protected by the same masking service (Whois Privacy Protection Service, Inc.) But Whois history at all of these sites shows that they used to be registered to:

Registrant Name:Mr Christian A. Chena
Registrant Organization:HYPER SRL
Registrant Street1:1 de marzo 368
Registrant City:Lambare
Registrant State/Province:--
Registrant Postal Code:NA
Registrant Country:PY
Registrant Phone:+595.595213332
Registrant Phone Ext.:4

Mr. Chena is 28-year-old Internet entrepreneur from Paraguay and a domain name speculator. According to people who follow this industry, Chena sold a trio of misspelled names in March 2005 for $204,000, a profit of $124,000 over the $80,000 purchase price. The domains?

Downlaod.com, Donwload.com and Dawnload.com.

A little more digging by Hugo revealed that eMule.org is also an affiliate of MarketEngines.com, a Canadian publisher that runs an affiliate management company called CashEngines.com. CashEngines helps populate the Web with gems like freemp3lover.com and other sites that sell users "customer service” and access to free P2P file sharing software.

Is eMule.org still owned by Chena? Follow me (or rather, Hugo, who did the sleuthing) for a second:

eMule’s CashEngines affiliate ID is https://secure3.marketengines.com/04/p2p/join1.aspx?revshare=aff_isidoro

Isidoro Canones is a famous Argentinean cartoon character, the so-called "Play-Boy of Buenos Aires." Now, along with domain speculation, Chena is also the owner of http://www.animacion.com, the "official” portal of Spanish language animation.

We e-mailed Chena’s company asking if they own eMule.org. We’ll let you know if they respond. Otherwise, this is as far as we could get with the coincidences. We invite readers to see if they can push this further.

A Profitable Business Model

As an affiliate of CashEngines, eMule.org earns a bounty every time it sends a customer through CashEngine’s payment system. Payouts for music sites are $20 per customer.

It’s a typical affiliate arrangement. Since CashEngine’s costs to service a customer are near zero, they can afford to pay as much as 75% of their revenue (a $20 bounty on a $27 sale) to the affiliate. And why are the costs near zero? As we previously learned, scam software sites don’t have any significant customer service costs because they provide little, if any, customer service. We will be contacting eMule.org to ask a variety of basic P2P customer service questions. We’ll add a note here if we get anything close to a real response.

eMule Gets Its Ass Kicked

eMule is run as an open-source project. Programmers are volunteers. Hosting costs are shared by mirror sites. They have little time and no money to fight these guys. In fact, they recently added a disclaimer to their site which reads in part:

If you paid for downloading eMule, you have probably been cheated - but not by us. We suggest that you contact the website were you paid for eMule or your credit card company to arrange a refund. However we are unable to assist you in such a case because (again) we are not involved in any way in such payments so please do not mail us about refundings.

They don’t "agree” with eMule.org’s practices, but because they publish under the General Public License which allows others to study, improve, redistribute and charge for GPL software, eMule "can not prohibit such misuse.”

That said, BitTorrent recently began cracking down on sites that misuse the company’s name. And last year, the Center for Democracy and Technology successfully pressured at least one scammy site to remove the "100% legal" claim from its site. The FTC has also begun to act.

But given how easy it is to hot swap domains and press the ‘copy’ button on a site’s HTML, we think government or corporate legal actions are bound to be at least a step behind the scammers. In fact, as long as there is real money to be made by scamming, our bet is that for every site BitTorrent or the CDT is able to close down, two will take its place. That’s why all of us have to step up and do something.

Found more sites like these? Join SiteAdvisor as a reviewer and let us know which ones.

Permalink | Comments (10) | TrackBacks (0)

Each year millions of people enter the U.S. Diversity Visa Lottery (a.k.a. the “Green Card Lottery"), hoping to win one of only 50,000 permanent resident visas (“green cards") that the U.S. awards by random selection among qualified entrants. Implemented by the Immigration Act of 1990 to increase the number of U.S. immigrants from countries exhibiting “disproportionately low" rates of immigration, the program has become increasingly popular as a potential means of obtaining permanent residency status. But the chance of winning is unusually slim: In 2005, only 0.8% of the 6.3 million qualified entrants were awarded the coveted card.

With so much at stake, it’s perhaps no surprise that bad actors seek to take advantage of the Green Card Lottery to line their own pockets. We were tipped off by some SiteAdvisor user comments pointing out the misleading nature of seemingly-“official" green card lottery sites. So we decided to take a closer look.

Participation in the U.S. Diversity Visa Lottery program is free. There is absolutely no charge to download, complete, or submit the electronic entry form through the U.S. Department of State Web site at dvlottery.state.gov. Only the chosen winners are ever subject to processing fees.

But numerous Web sites charge applicants to “process" their entries to this free lottery. Prices range from $39 for a one year registration to $299 for a ten year registration. (This is strikingly similar to our recent discussion of a company charging $37.95 for free software such as Firefox.)

Now, why would anyone pay if they can enter the lottery for free? Most likely, not everyone knows that the lottery is free. And many people probably do not know where to go online to fill out the official entry form.

Search Engines Lead Users Astray

Search engines seem like a logical starting place for residency seekers wanting information about the lottery. But try searching Google for ‘green card lottery.’ The results are worrisome. Here’s what we found on February 8, 2006 on Google:

Performing a Google search for 'Green Card Lottery' resulted in many misleading sites.

1) The first page of results contains only four government sites but 13 non-governmental sites that charge fees to process lottery submissions.
2) Three sponsored sites occupy the prominent space at the top of the page – all three above the first government site.
3) The first government site gives a bare URL, without title or description of any kind, which makes it nearly useless. Few users would realize this is actually the best and most important site in Google’s results – the only site that directly provides free registration in the lottery. In contrast, the non-governmental sites, have inviting descriptions such as “The official US government program" or “Your lifetime chance to win US Visa."
4) Many of the non-governmental sites boast official sounding domain names that contain the words “official", “green card", and “immigration."
5) The second government site can’t actually help a user get a green card. Instead, and more than a bit ironically, this site merely warns users about Green Card lottery scams.
6) In order to find an official government site with an appropriate title and description, a user would have to scroll past 3 ads and 6 organic listings.

Typical users are likely to stumble onto one of these fee-based sites and assume that it offers the standard procedure for entering the visa lottery. Research indicates that users have trouble distinguishing between ads and organic results even under optimal conditions. With these fee-based sites doing everything they can to look official (even putting the word “official" in their domain names), users are at special risk of getting confused here.

Assessing Official-Green-Card.org

The home pages of some of these sites also look remarkably similar to the home page of the U.S. Department of State Web site. Compare the U.S. Department of State Web site to that of Official-Green-Card.org (SiteAdvisor Analysis: official-green-card.org):

U.S. Department of State Web site          Official-Green-Card Web site

The official-green-card.org site looks like it could actually be an official government site. Notice U.S. icons such as an eagle, an American flag, and a picture of the Capital building. The site even copies the standard style of a circulate seal in the upper-left corner. Plus, the word “official" appears in the site’s domain name and six times on its home page alone. Only at the very bottom of the page, in reduced size font, can savvy users find the disclosure “Official-Green-Card is not affiliated with or endorsed by the U.S. Government."

Despite the visual similarities between Official-Green-Card’s Web site and that of the State Department, Official-Green-Card admits differences between using the two sites in an attempt to highlight Official-Green-Card’s “advantages" over the State Department site. Are these “advantages" really worth paying for?

Throughout its site, Official-Green-Card touts the advantage that "*Winners will get FREE Airline ticket to the USA."
Certainly, a free airline ticket would more than offset the site’s entry form processing fee. But the asterisk hides the crucial fine print: not only do you need to first win the Visa lottery, but then you must win a second drawing for the free airline ticket. Although the home page alone mentions this travel reward five times, the second sweepstakes is only disclosed at the bottom of the Terms of Service Agreement:

From Official-Green-Card's Terms of Service Agreement

Hopefully your luck is sustainable.

Official-Green-Card also claims year round registration for their services as another boon to their customers, as the U.S. government only accepts lottery applications during a set two month period each year. (The 2007 application period was October 5, 2005 to December 4, 2005.) But Official-Green-Card must abide by the same timetables that the U.S. government sets for all applicants, so your entry form will not be processed any earlier if you register with them outside of the open application period. Maybe it’s worth something to get to register immediately upon learning about the lottery, rather than having to remember to come back later. But we doubt that’s worth $49 to many people.

Official-Green-Card shares Web site content and a payment engine with usafis.org, which has a surprisingly high Alexa rank of 2,255. Both sites also advertise on Google, Yahoo! and MSN paid search results, taking two of the top three sponsored results on each engine, and paying up to 50 cents per click for qualified leads that may turn into paid customers. In fact, five of the sites on the first page of Google’s search results ultimately drive customers to USAfis.org. These sites are all registered to the same physical address in New York, suggesting that a single organization is likely dominating this market.

Assessing USGreenCard-Immigration.org and Fuzzy Math

Another site, USGreenCard-Immigration.org (SiteAdvisor Analysis: usgreencard-immigration.org), takes a different selling tactic. They claim that 30% of lottery applicants are disqualified due to errors in application formatting and content. The site claims they will “look over your application to make sure information is filled out correctly" which they say “gives [applicants] a 30% better chance of winning." That’s not only illogical math, but it’s incredibly misleading too.
```
Many of these sites also justify their processing charges by claims of providing expert support. But there are many free informational government contacts and Web sites directed at assisting lottery participants. The US Department of State Web site provides contact information to Visa Services and links to embassy and consulate sites in other countries. Lottery instructions are available in seven languages and the unitedstatesvisa.gov website is available in six languages. So there’s help available for applicants who need it. Applicants need not pay USGreenCard-Immigration to get assistance.

We think the photo scanning service (offered by some of these sites) is the only service worth paying for. All entry forms must be submitted to the U.S. government electronically, yet some applicants may not have access to a scanner or digital camera. But other than that, you’re generally just paying the Web site to serve as an intermediary between you and the State Department. We suspect most applicants would be better off applying on their own.

SiteAdvisor’s Evaluation of These Sites

We’re not saying that these sites are not technically providing a service. Individuals pay intermediaries all the time to do things that could be done directly for free, like having an accountant prepare and submit tax returns to the government. But we rate these sites red due to a combination of their aggressive advertising, their potential to mislead typical users, and their risk of providing minimal value to customers.

Some people may not realize that the lottery program is free. Others may think these Web sites are affiliated with the U.S. government – especially when their color schemes, layouts, and even domain names falsely indicate that they’re “official." Still other users may not have read all of the fine print; they may mistakenly believe claims that are subject to more than a few caveats. If we can help some of these people figure out what’s really going on here, we’ll consider that a success.

We’re not the only ones concerned about this issue. The FTC and USCIS both issued alerts warning of “imposter" and “bogus" web sites, and the New York Daily News wrote about this issue too. But beyond blaming the sites for these bogus ads, we like to put the issue in context. Looking back at the Google search results, we see how users can be led astray here – and we see room for the Internet community, and SiteAdvisor, to help make things better.

We want to make sure that visitors to these sites are aware of the alternative, free option, so that they are armed to make informed decisions. As always, if you disagree with our conclusions, let us know by submitting a comment on this entry or by leaving a comment on one of the site report pages mentioned here:
SiteAdvisor Analysis: official-green-card.org
SiteAdvisor Analysis: usgreencard-immigration.org
SiteAdvisor Analysis: usafis.org

Permalink | Comments (7) | TrackBacks (2)

FreeDownloadHQ Responds

I need your help.

Let me explain. Last week, I wrote about FreedownloadHQ, a Web site that charges $37 in exchange for links to other Web sites where you can download software like Firefox for free. I received a lot of correspondence from the company over the last few days which I want to share with you in detail.

Money For Nothing

You'll recall that I paid for a lifetime membership to FDHQ in order to test their service. Here’s their response to 'Shane Keats, individual consumer' requesting a full refund:

OK. A standard 'letter of the law' style brush off sent to a single, insignificant customer.

"because the content we offer is mostly free"

They responded more completely to 'Shane Keats from SiteAdvisor':

Some things about this letter really caught my eye.

"because we provide tutorials as well as full technical support"

FDHQ must have an interesting definition of full technical support. As I showed in last week's entry at least one customer (me) was unable to get any support at all. As for their tutorials, they are nothing more than installation notes and nothing I couldn’t get from Mozilla itself.

"As stated before customer service is our number one priority. We offer our members a toll free number to contact us with all billing questions."

I attempted to get customer service for 12 weeks and with the exception of a single e-mail giving me FDHQ login instructions (which I had not asked for) I received no service at all. And despite looking quite closely, I was unable to find a toll free number anywhere on their site. I also called toll free directory assistance with the same result.

As for billing support, I wanted to ask "other questions concerning your billing or charges" but when I clicked on the link they provided, I was re-directed back to their technical support page. I wanted to “get in touch with one of our customer service representatives" but I couldn’t.

"This is why our site is called freedownloadhq because the content we offer is mostly free."

I’m not sure I know how to describe this comment. Orwellian, maybe.

All's Well That Ends Well?

I wasn't happy about the denial of a refund request, so I sent another e-mail.

I have been attempting to receive customer service for 4 months. To date, I have not received any customer service at all. In fact, not a single one of my customer service questions has been answered. Please issue me a full refund.

Finally, satisfaction:

I could interpret this refund as an expression of genuine remorse about their failure to provide customer service. Or I could interpret it as FDHQ starting to worry about the ire of the Web community they've aroused. Hmmm.

Calling All Questions

Here's where I need your help. I got an e-mail from FDHQ late last week agreeing to answer additional questions by e-mail. The possibilities are so rich, I'm not sure where to begin. Do you have any suggestions? If so, please let me know. I'll select some, add them to a few of my own, and let you know if FDHQ responds.

Permalink | Comments (9) | TrackBacks (1)

Last week, I wrote about a site that charges people $37 to be connected to Download.com, where users can then download a copy of Firefox for free.

The article struck a nerve. It got Dugg nearly 2000 times on Digg, generated dozens of comments on our blog, and got more than a few people up in arms. I'll give our fellow warriors some well-deserved recognition at the end of this post. But let me start by revisiting FreeDownloadHQ (FDHQ).

All the Customer Service Money Can Buy

Recall if you will FDHQ's claim of what your $37 really buys you:

The software is free. You are paying for the membership to our site that provides you with location, evaluation and/or recommendation of various file sharing programs as well as utilities, online tutorials, online help and support and other tools and services for the lifetime of the membership.

Last September when Chris Dixon, one of SiteAdvisor’s co-founders, told me about FDHQ, we decided to buy a lifetime membership and keep an eye on these folks. After signing up, I started by downloading eMule, one of my favorite file sharing clients, but one with an ungainly URL. FDHQ offered it. At least, FDHQ had a link to Download.com where I was able to get eMule++ 1.2.3. Close enough for our purposes.

Next, I decided to seek out some of this vaunted customer service. Caution: Extreme sarcasm ahead.

Customer Service Gone Wrong

Here’s the first e-mail I sent FDHQ – intended to present a range of typical novice user questions about P2P filesharing:

The program is asking "allow multiple instances of eMule++?" What does this mean? What do I click? When I start the program, the first thing I see is a bunch of porn sites. I don't want porn. How do I get rid of these? i want my kids to be able to use this. Why are the same black eyed peas songs different sizes? like "don't phunk with my heart." which one should i pick? What is the difference between a file type called audio and one called archives? How do I know which of these files play on my ipod? Is it illegal for me to be downloading these songs? I didn't pay for them? Does the fact that I paid you make it ok for me to download them? Do you pay any of the artists so that they get some of the money?

Now that’s a lot of customer service to request all at once, so I was surprised to get an instantaneous response:

Your recent inquiry has been received by our Support Department. We respond to each inquiry as soon as possible, usually within 12-24 hours.

I waited 12-24 hours and then some. I e-mailed back a week later and included a copy of my previous e-mail. Again, another prompt response. This customer service is fast!

Your recent inquiry has been received by our Support Department. We respond to each inquiry as soon as possible, usually within 12-24 hours.

Another week later, I got mad.

I've been trying to get customer service to answer my emails for 2 weeks. If I don't start getting answers, I will be asking for a full refund.

Instant response:

"Mp3sharingcenter.com" wrote:

Dear Customer,

How can we help you. When sending your questions
please reply to this email....

Thanks,
Freedownloadhq.com Support

For a moment, I thought I was getting somewhere. Except. Except I wasn’t. When I looked more closely at the response, I realized it was coming from MP3SharingCenter, not FDHQ. How did they get my e-mail? Maybe FDHQ was outsourcing their customer service function. I decided to play nice. I sent a brief note with my questions appended.

Note: forwarded message attached.

Hi,

I'm still waiting for some answers to these attached
questions.

Thanks,

I waited another week before contacting them again.

Date: Fri, 21 Oct 2005 08:09:10 -0700 (PDT) From: "xxxxxxx@ yahoo.com Subject: Re: Fwd: Re: Support To: Support@Mp3sharingcenter.com Plain Text Attachment This is getting ridiculous. What did I pay for if not customer service? See below.

I still didn’t get a response. Well, the holidays were upon us and we had a product to finish. So I didn’t try again till the New Year. I asked for a full refund this time and this certainly seemed well within my rights. Here’s their response:

Dear Customer, Access the site at www.freedownloadhq.com/members/logon.asp Enter xxxxxxxxxx@yahoo.com in all lower case letters as your email address. We have verified that this is working properly. You may need to temporarily disable your pop-up blocker depending on your specific computer settings.

You have unlimited access to ALL the programs listed under the categories on the left side of the screen. Feel free to email us back with further questions or if you need specific instructions to download a program.

Thanks,
Support

This was the most customer service I’d ever gotten from Freedownloadhq.com, but it didn’t answer my question. Not even close! Twelve weeks before, I had asked how to avoid P2P porn, whether P2P is legal, and whether my FDHQ membership fee gets shared with musicians. Why did FDHQ’s staff ignore those questions and instead tell me about logins and passwords?

(Note: It appears that FreedownloadHQ no longer provides links to sites that offer file sharing client downloads, though it does still highlight “music downloads�? on its home page. Also, Mp3sharingcenter.com appears to no longer be accepting new members.)

Sarcasm Aside

Here’s a church that recommends parishioners listen to sermons by downloading Windows Media Player from FDHQ.

The Kauffman Foundation suggests FDHQ as the place to download RealPlayer, to let aspiring entrepreneurs watch how-to videos.

The fact is, lots of users and legitimate Web sites get tricked by FDHQ, and I think this trickery rises well above 'caveat emptor.' Other sites with similar business models abound in our database.

• bittorent.com will sell you a copy of Bram Cohen’s software. [SiteAdvisor Analysis: bittorent.com]
• PeTSpatrol.com is a part of a related scam that penalizes lousy typists like me and steals business from the good guys at peSTpatrol.com. [SiteAdvisor Analysis: petspatrol.com]
• free-download-center.com promises “Free Unlimited MP3 Downloads, Music, Movies, Games, Software & More!�? – all for the low, low price of, you guessed it, $37.95. [SiteAdvisor Analysis: free-download-center.com]

Our post last week generated plenty of comments, made the front page of Digg, and ended up on Shoutwire too. John Dvorak helped spread the news. So did Matthew Boedicker. Robert Accettura was outraged. So too, I assume, was Lin Magazine (None of us read Hebrew.) And we return the Google juice to others on the Web working to bring these kinds of scams to light.

Waiting to Exhale?

A lot of the forum and blog commentary focused on whether FDHQ has a legal right to do what they’re doing. We at SiteAdvisor think the issue is less about legality than about transparency. That said, it’s an important issue. I’ve reached out to people who know about these things, people in government, in the law, in corporations, and I’ll post any notable responses. If FDHQ ever sees fit to refund my money, I’ll let you know that too. But don’t hold your breath.

Correction

In an earlier version of this entry, I said that FreeRepublic.com recommended FDHQ. I was wrong. In fact, it was a poster on one of their boards who did so, and the poster was quickly corrected by others on their boards. This mistake was pointed out to me by a commenter on this blog. I regret the error and I have removed the reference.

Permalink | Comments (25) | TrackBacks (0)

We are constantly amazed by the ingenuity of online scammers.

Here's one of our favorite examples. Try typing "Firefox" into the search box on Google, Yahoo! or MSN. Now check out the paid advertisement for “FreeDownloadHQ.com." On Google, you should see something like this:

Most experienced Web users know that the best way to download Firefox is to go to an aggregator like download.com or directly to Mozilla. Furthermore, savvy users know the difference between sponsored links and the main organic results to the left and below.

Not so for the casual user. Blame it on them if you must, but studies show that most users don’t know the difference between paid and natural search results. As far as they’re concerned, the highlighted ad is the “first" result.

Clicking that “first" result for Firefox brings you to this website:

In the Orwellian world of dark-alley Internet marketing, the word “Free" in the site’s title generally means you’ll be paying somehow – either with cash or spam or adware on your computer. After all, this “free" site just paid Google top dollar for my click. As always at SiteAdvisor, we ask how someone makes their money if they're paying to attract our business. Read on.

War is Peace. Freedom is Slavery.

Click on “Download" and you’ll enter a dialogue that quickly turns to money.

Yes, FreeDownloadHQ is anything but free. These guys take FREE software and SELL IT FOR $37.95 and then have the nerve to call themselves FreeDownloadHQ! (By the way, they’ll also sell you Internet Explorer, Opera and Netscape and any number of other free software programs.)

Before you blame the poor victims who fall for this scam, take a look at the next screen.

FreeDownloadHQ makes sure you see their big GoDaddy SSL certificate. How reassuring. Here’s my problem with SSL. Consumers have been trained to look for the seal but they haven’t been taught how to interpret it. I suspect that the average user, if he or she even knows what SSL is, thinks the certification is an indication of overall trustworthiness, rather than SSL’s more limited actual promise of encrypting certain communications (but nothing more.)

Typical Internet users see Super Bowl-advertised GoDaddy and they inevitably conclude, “This site must be safe." So FreeDownloadHQ is free loading on SSL, and plenty of others sites do so too. It’s a problem we in the security community created, and it’s a problem we need to address.

Money Back Guarantees

Another nugget awaits in FreeDownloadHQ’s payment screen.

Click “more," and you’ll see a puzzling definition of 100% guaranteed.

If you are within your first 7 days of our guarantee period - you are eligible for a refund of the unused portion of your membership minus a $5.99 fee, which we keep to cover the costs of processing and handling. Please allow a 10 to 15 day processing delay before the funds are returned to your account. (underlining is theirs)

Obviously these guys get a ton of refund requests, given that they are, we repeat, selling a product that is given away free by the manufacturer.

Caveat Emptor?

We’re not the first to discover the scam. Some folks in the blogosphere have caught on too. Brian Ruppert, for example, does a great job explaining FreeDownloadHQ. But read this comment he posted from someone who “bought" Skype for $52 and you realize how easy it is to fall for the scam:

I tried to get Skype through Google engine and before downloading the program I was requested to insert my personal data and to pay $52 by credit card number. I inserted all data as I supposed was for skype subscription but in reality the data inserted and license agreement was for another operator site http://www.freedownloadhq (dot) com (!) When I contacted the manipulation was too late. I tried to contact them directly but it was impossible.

I can't vouch for the merits of the particular case mentioned above. But when you dig a little, you realize just how many people feel victimized by FreeDownloadHQ. And you realize how many people, even techies, fall for it. On TechVibes, "Vancouver's Technology Community," you can find users suggesting FreeDownloadHQ. Even a moderator on TechSupportForum recommends FreeDownloadHQ. This is not a problem restricted to technical neophytes.

How do I know these aren't isolated examples? Well, a good indication of the extent of the problem is that the Firefox community itself is freaking out about it.

In fact, we wonder why even more people don't fall for the scam. After all, FreeDownloadHQ is everywhere. Type “firefox" into Amazon.com. Along with “Firefox" starring Clint Eastwood, you get a “sponsored" link to our friends at FreeDownloadHQ:

(Side note: It turns out this FreeDownloadHQ ad isn't quite Amazon's fault. Rather, these are ads sold by Google, then syndicated into Amazon's site.)

Where Are the Cops?

When you actually get to the download dialogue, look closely and you’ll see that FreeDownloadHQ is simply directing users to Download.com to get their copy of Firefox, for free of course.

Why hasn’t the FTC shut this site down? And what are users actually paying for? When I first started researching this story, I found this quote on their FAQ:

The software is free. You are paying for the membership to our site that provides you with location, evaluation and/or recommendation of various file sharing programs as well as utilities, online tutorials, online help and support and other tools and services for the lifetime of the membership.

FreeDownloadHQ said it is selling customer service, not software they don’t own. I’m not surprised that Google, Yahoo! and MSN show these ads. They lack the controversial keywords (porn, gambling, pills) that trip the search engines’ best-known filters and rules. As to why the government hasn't done anything, we'll let you draw your own conclusions

(Note: FreeDownloadHQ no longer appears to host a FAQ page. In fact, it appears that they no longer bother to explain what you're paying for at all.)

SiteAdvisor Puts the Red On

Despite the (occasionally available) fine print, users can't and shouldn't reasonably be expected to know about these scams. Nor should users be able to parse the torrent of conflicting messages: “Hey, did you hear about this cool new program? It’s free. Except it’s not really free." “That SSL cert you’re supposed to look for? It doesn’t really mean the product is safe. But don’t download unless the site has one. Why? Don’t ask. Too complicated."

If the government won’t take action, the search engines ignore the issue, and the makers of the software are too busy making real products, where does that leave ordinary users? Well, we know who the winners and losers are:

• Winner: Search engines that get paid for every click on every tricky ad
• Winner: Freedownloadhq, which gets $37.95 selling something they didn’t make
• Loser: Unsuspecting Internet users
• Loser: Creators of great products like Firefox
• Loser: Legitimate Web businesses that suffer when average users lose confidence in the Web

As for SiteAdvisor, we’re adding this scam to our list of practices that will earn a red flag for a Web site. And lest you think this is a small potatoes operation, or limited to a single scam site, try searching for your favorite freeware using our Safe Search annotations. And watch the screen turn red.

Got a new scam you want us to take a look at? Let us know through our feedback link.

Permalink | Comments (45) | TrackBacks (5)