Scammy: A Public Service Reminder

The malware scam has a long and ignoble history. We’ve talked about them before, most notably in the context of confusing the scammers. Back then (2014), we were seeing the rise of the robo-scammer. Surprisingly, it seems that was a short-lived phenomenon.

For the record, I keep an eye on what scams are making the rounds both out of personal curiosity and as part of my day job. A rare occurrence, being paid to do something I’d do anyway (that doesn’t involve writing).

Anyway, in the absence of data, I speculate that people hate talking to a computer so much that not enough people pressed 1 to allow the auto-dialer to connect them to a human being. It seems logical, anyway: the reason these scams are so successful is that the caller has a well-written and well-practiced script to panic the recipient into forking over their money and opening up their computer. No one is going to trust a robotic voice that says “Your computer is under attack.”

Heck, most people are going to assume that the robotic voice is the one that’s doing the attacking.

So we’re back to more traditional methods of scamming. But there are still new wrinkles.

Remember those popups that claim you need to install a special codec to see the video you’ve clicked on? They’re still around, but they’ve been joined by a new come-on. With the long-awaited and well-publicized demise of Flash, now we’re seeing popups telling would-be viewers that they need to reinstall the Flash player that has been removed from their browser.

I would have thought people would stop to ask themselves why Flash was removed in the first place, but apparently there’s a sufficiency of people who aren’t that self-inquisitive. Sufficient enough to keep the scammers happy, anyway.

Of course email spam is still a potent venue for scammers. The “I’ve hacked your webcam and will send your family pictures of you masturbating” letters seem to be on the decline. And good riddance. The current popular approach is a subscription renewal. “Hey, this is [large corporate entity]. Your subscription to our service is about to expire. Your card will be charged [outrageously large fee] tomorrow.” This scam works well because the fee is so high. “Five hundred bucks for a magazine/website/streaming service?” If the victim is actually a subscriber, they call to correct what they figure must have been a typo; if they don’t have the service, they call to prevent the large charge. Of course, if they aren’t a subscriber, the scammer is set with a script to apologize for the incorrect message, pitch the service in glowing terms at a much more reasonable price, and get a credit card number that can then be wildly abused.

Oddly, while the scammers go to great lengths to make the emails look like they’re coming from the real company, incorporating stolen graphics and boilerplate legal text lifted from actual emails, they often don’t make the slightest effort to forge the “From” on the email. Though the evidence suggests that they don’t need to make the attempt. People seem to be quite willing to assume that “” is fully authorized to speak for Netflix, Fox News, or Xfinity. Or, more likely, nobody even looks at the sender’s address. Those big numbers apparently attached to their credit cards exert a magnetic attraction on the eyes.

The big winner from a scammer’s perspective, however, is still the phone call. Yes, Sam and Nancy and their ilk are still in business. Apparently, however, enough people have figured out that Microsoft and Apple aren’t monitoring their customers’ computers and phones that claiming to be “Sam from Apple” doesn’t work well enough.

Today, the caller is much more likely to put a gloss of plausibility on their claim. “Hi, this is Jolene from Norton Security Services.” LifeLock is popular with the scammers, since so many people have subscriptions to LifeLock, either directly or through their association with Norton. Other name-brand security companies’ names are being abused as well: McAfee (many computers come with a trial version of McAfee antivirus installed, so people are used to seeing or hearing the name) and ADT–“Hey, I got my burglar alarm from them, I guess they’re protecting my Internet too”–are at the top of the list.

So let’s be careful out there. Remember, when someone says they’re watching out for you online, they’re telling the exact truth. They’re watching out for you and your wallet.

Scam Much?

How about a quick tale of greed and gaming the system to start your week off?

This one’s all over the Young Adult publishing community, so my apologies to those of you who are tapped in there for repeating old news.

For the rest of you, the best overview of the story I’ve found is at Pajiba.

You should read the whole piece, but if you’re in a hurry, the core of the matter is that someone seems to have concocted a scheme to get a book onto the New York Times bestseller list. Not because they wanted to jumpstart sales of the book, but in order to get financing for a movie based on it.

Right. A movie based on a book nobody’s read. But wait, it gets better: the publisher is a website nobody* visits anymore. The author of the book is set to star in the movie. The cover may have been plagiarized.

* Though, to be honest, they get way more traffic than I do.

How’s that for entertainment?

The most startling thing I learned reading about this is that you can get onto the NYT list with 5,000 copies sold in a week. I know it’s a common complaint that reading for pleasure is a dying art, but it still boggles me that the threshold is so low.

But that’s what made this scam possible. Somebody–or rather, several somebodies–placed phone orders for multiple copies of the book through bookstores across the country. The orders were sized to be just small enough to be counted as individual sales, rather than corporate bulk orders.

The book isn’t actually available, so all of those orders will eventually be canceled, but they hung around long enough to be reported as sales. More than 18,000 sales, in fact. As a result, the book jumped straight to Number One.

A book you can’t buy, with few legitimate reviews knocking a title that’s been sitting in the top spot for a couple of months? Not gonna happen. So people got suspicious. Much Twitter discussion and detective work followed. The upshot is that the NYT released a new bestseller list for the week which does not include the work in question.

Note, by the way, that I haven’t mentioned the book’s title or the author’s name. I don’t see any reason why I should give them any additional publicity. If you want to know, read the article I linked at the top of the post.

But that’s really what I find most depressing about this affair: the author and the team behind the movie have gotten far more publicity than they expected–it seems clear that the whole point was to use the “bestseller” status to get the movie deal done; publicizing it ahead of the signing probably wasn’t part of the plan.

As we all know, however, there’s no such thing as bad publicity in Hollywood. I’ll be very surprised if the movie doesn’t get made. And when it comes out, I’ll be even more surprised if it doesn’t use a “Based on the NYT bestselling book!” line in the ads. Because it did appear on the list, even if the paper has since disavowed it. And people will go see it because they’ll vaguely remember the title, without remembering why they heard of it.

I have to wonder: if the crew behind this scam hadn’t gotten greedy enough to go after #1 instantly, but instead spread those 18,000 orders over a few weeks, debuted in the middle of the list, and then jumped upward, would anyone have noticed? Well, assuming they had taken the precaution of making it possible for people to, you know, actually buy the book.

I suspect if they had gone that route, they would actually have sold enough copies to crack the list legitimately. Probably not the top of the list, but still…

Of course, then the reviews would have come in. If it’s true that good reviews sell books, it’s also true that bad reviews do the opposite (though not as strongly–don’t forget the “so bad it’s good” phenomenon as well as the conspiracy theories: “if so many people are trying to kill it, there must be something there They don’t want us to see.”) And, by all reports, the reviews wouldn’t have been kind.

Speaking of reviews, by the way, consider this one of my occasional reminders that if you’ve read The RagTime Traveler, I’d appreciate you posting a review on Goodreads, Amazon (or wherever you bought it), or anywhere, really. I doubt we can push TRTT onto the New York Times bestseller list, but I’d love to be proved wrong. Hey, it’s only 5,000 copies in a week, right?

Even More Numbers

Remember last June, when I devoted a couple of days to talking about book subscription services in general and Amazon’s Kindle Unlimited in particular? No? Rats. (The posts are here and here if you want to refresh your memory.)

One of the points I made was noting that KU’s switch to paying authors by the number of pages read instead of the percent of the book read was most likely to benefit authors of long, unreadable books.

In the follow-up discussion of avoiding having Amazon look over your shoulder, I suggested making sure authors got paid by scrolling to the end of each book in the Kindle reader before exporting it to the reader of your choice. Of course, that would only work if Amazon’s page counting method was a simple-minded check of the highest page number you saw.

We now know that Amazon’s method is that stupid-simple. And we also know that it opened up stunning new vistas for scammers.

It works like this:
1) Page One of your new book says “For a chance to win fifty gazillion dollars, check out the last page of the book!”
2) The next nine-hundred-ninety-nine pages are computer-generated word salad.
3) Page One Thousand says “Ha-ha, there is no prize, Sucker!”*

Presto! Every time somebody checks that last page, you get credited for 1,000 page reads.

* Even better: Direct the suckers to your web page, where you have dozens of ads, malware installation tools, or whatever other monetization methods you want to use waiting. Double payment!

Apparently, so many scammers are doing variations on this trick that payments to real authors have dropped significantly. Not that–as we’ve seen–KU payments were all that great in the first place. (Any model that relies on an ever-growing group of authors sharing a fixed pool of payments is not going to be good for the authors.)

If you needed any proof that Amazon doesn’t give a shit about either authors or readers, now you’ve got it. Even a cursory review of books submitted to KU would catch a large percentage of this sort of crap. Hell, a few simple automated checks could weed out a significant fraction. Even just flagging books whose readers have a higher-than-average reading speed could point out books designed for fraud.
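The reading-speed check suggested above, sketched as an added example; it is not Amazon's code and not from the original post. It goes one step further by also comparing the credited page count with the pages actually displayed. The record layout, the field names (including the `pages_shown` telemetry) and the thresholds are assumptions, and the sample sessions are constructed.

```python
"""Flag subscription books whose credited page reads look implausible."""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Session:
    reader: str
    book: str
    highest_page: int  # what a "highest page seen" payout model credits
    pages_shown: int   # distinct pages actually rendered (assumed telemetry)
    seconds: int       # time spent with the book open


# Constructed sample data: two ordinary books and one
# "check the last page for a prize" book.
SESSIONS = [
    Session("r1", "novel-a", 120, 120, 7200),
    Session("r2", "novel-a", 300, 298, 18600),
    Session("r3", "novel-a", 45, 45, 2400),
    Session("r1", "novel-b", 210, 205, 11400),
    Session("r4", "novel-b", 80, 80, 5400),
    Session("r5", "novel-b", 260, 255, 15000),
    Session("r2", "salad-x", 1000, 2, 40),
    Session("r4", "salad-x", 1000, 3, 75),
    Session("r6", "salad-x", 1000, 2, 30),
]


def pages_per_minute(s: Session) -> float:
    """Credited pages per minute for one session."""
    return s.highest_page / max(s.seconds, 1) * 60


def flag_books(sessions, speed_factor=5.0, min_shown_ratio=0.5, min_sessions=3):
    """Return {book: [reasons]} for books that look built to farm page reads.

    "speed":   the book's median credited reading speed is more than
               speed_factor times the catalogue baseline.
    "skipped": readers typically displayed under min_shown_ratio of the
               pages they were credited with.
    """
    by_book = defaultdict(list)
    for s in sessions:
        if s.highest_page > 0:  # ignore sessions that earned no credit
            by_book[s.book].append(s)

    # Books with too few sessions are skipped so that one fast reader
    # cannot get a book flagged.
    speeds = {
        book: median(pages_per_minute(s) for s in rows)
        for book, rows in by_book.items()
        if len(rows) >= min_sessions
    }
    if not speeds:
        return {}

    # Baseline is the median of per-book medians: each book counts once,
    # so a heavily farmed title cannot drag the baseline up by volume.
    baseline = median(speeds.values())

    flagged = {}
    for book, speed in speeds.items():
        shown = median(s.pages_shown / s.highest_page for s in by_book[book])
        reasons = []
        if speed > speed_factor * baseline:
            reasons.append("speed")
        if shown < min_shown_ratio:
            reasons.append("skipped")
        if reasons:
            flagged[book] = reasons
    return flagged


if __name__ == "__main__":
    for book, reasons in flag_books(SESSIONS).items():
        print(book, reasons)
```

A flag here is a reason for a human to look at the book, not a verdict: reference works and cookbooks are legitimately read out of order.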

But Amazon doesn’t care. They’ve got the readers’ ten bucks a month, and authors continue to sign up for KU, so there’s some real content mixed into the garbage. As long as the proportion of garbage is low enough that people keep paying their monthly subscription fee, Amazon has absolutely no incentive to clean up KU.

So why do authors continue to publish with KU? Because Amazon makes it easy, they don’t do the math, and, bluntly, they figure any payment is better than nothing.


Just say no to Kindle Unlimited.

Spam: The Next Generation

Why yes, the blog’s spam trap is still catching strange and wonderful new marketing approaches.

Mind you, it’s also still catching huge steaming piles of all-natural fertilizer–lately I’ve been getting several hundred spam attempts a day for online dating, all of which are straight out of the boring, “seen it a million times” school of spam.

Herewith, an assortment of the creative attempts to use my blog to sell you things you didn’t know you needed.

  • “gaming laptops under 600 pounds” I thought all laptops were under 600 pounds. I certainly don’t want to put one that isn’t on my lap. Maybe they ran afoul of an English/Metric conversion glitch? I’d buy a 600 gram gaming laptop. That was, by the way, the entire message. No details, no link to a website, no attached malware. I have no idea how they expected to make any money.
  • “When choosing the colours for you office, there are a few basic points to consider. Agcefefgakbd” Another spammer who seems unclear on the concept of driving traffic somewhere: no link, no indication of what’s being sold–and no hint about the considerations involved in painting your office.
  • “Human beings during Adam’s era that thought his knowledge of the times was the ultimate reality. For example, when you need reliable vehicle lighting you must try to find flexibility in mounting options.” I’ve seen spam invoke biblical authority before, but never for automotive parts. And the use of Adam as the authority is interesting. Did he even own a car? Where would he have driven? There can’t have been much night life in Eden.
  • “Today, while I was at work, my cousin stole my iphone and tested to see if it can survive a twenty five foot drop, just so she can be a youtube sensation. My iPad is now destroyed and she has 83 views. I know this is entirely off topic but I had to share it with someone!” Any other considerations aside–what’s the point of having an iPhone if you’re going to leave it home where your cousin can get her hands on it–I wish you would explain how dropping your iPhone destroyed your iPad! Given some of the stories I’ve covered here, this one might actually be on topic for the blog if you come up with a few more details. However, you’re right that your game cheats website is off topic.
  • “Woodman ended her life in January 1981 by throwing herself of a building after having a long period of depression. Wear old garden clothes when tending to flowering lilies inside garden to stop unwanted stained clothing.” I have a sneaking suspicion that the best thing I can do to ward off depression and keep my clothes clean is to NOT buy calla lilies from this spammer. Calla lily spam was really hot for about a week. Did some florist overestimate the number of funerals in his area?
  • “Article writing is also a fun, if you know then you can write or else it is complicated to write.” I’m guessing this spammer thought I’m still in the QA business and used me to test his new spamming software. Hints for the future: Include a link to what you’re selling and don’t post from an account named “test3”.
  • “I like reading an article that can make men and women think. Also, thanks for allowing for me to comment!” You’re welcome. I like those articles too. It’s odd, though: I find it much harder to write an article that only makes one gender think. Drop me a note if you have some hints to improve my single-sex writing skills. They might come in useful if I ever decide to spam-sell sports equipment. No, wait, if I do, I’m going to want to sell to men and women.
  • “Innovative high heels Guide Exposes Method To Dominate The high heels Scene” I hadn’t realized there was a high heels scene, though I can’t say I’m surprised–or startled that it’s apparently linked to domination. Two questions: If everyone uses your method, who’s actually going to dominate the scene? And where do the discount sunglasses you’re selling fit into the high heels scene?
  • “Here you will benefit from the elephant trip. After that you’ll discover the Metropolis Palace Advanced and museums.” Is it just me, or does this message make more sense when you know the poster is selling health care products of dubious effectiveness. You had heard that many herbal supplements–most of which have never been shown to have any health benefits in the first place–don’t contain the herbs they list on the label? I’m puzzled why this was attached to my piece about Pilot Bread. Maybe the seller thinks elephants like Pilot Bread.
  • “That is why we advise injecting grizzly bear adrenaline into your initially cup in the morning.” Because there’s nothing better than a hot mug of bear extract to kick your brain into gear. Safety first: make sure you wear this seller’s ski gloves whenever you handle raw grizzly bear adrenaline!

Spam–And Not the Funny Kind

Well, that didn’t take long.

I’ve been on Twitter less than a week, and already I’ve gotten as much spam at this address as I had in the previous year and a half.

Granted, we’re not talking huge absolute numbers. Before this week, I’d gotten exactly two spam e-mails. Since I first tweeted last Wednesday, I’ve gotten two more.

Let me make it clear that I’m not blaming Twitter. If you have an e-mail address, you’re going to get spam. Period. Even if you don’t publicize it in any way, you’ll get hit by someone generating random addresses. Publicize the address and you’ll get even more spam. I’m sure I’ll get at least two more spam e-mails shortly after I join [latest must-use social network].

At least in the US, there are laws to prevent spam. Unfortunately, as The Register points out, the law only allows ISPs to sue spammers, not the individuals who get spammed. Nor does the FTC have any funding to go after spammers. So if you get a few dozen–or hundred, or thousand–spam messages, you need to convince your e-mail provider to pursue the sender on your behalf. Good luck convincing Google or Comcast. Even if they took any action, the cost of investigating, much less actually suing, would far exceed any damages they could claim.

But I digress. I didn’t intend to bitch about being spammed. What I wanted to talk about is how uncreative the spammers are. I see the same spams over and over. Take the attempts to spam the comments on this blog*. They fall into four categories. As I write this, there are twenty-seven comments in the spam trap waiting for my review.

* Granted, comment spam isn’t quite the same as e-mail, but the principles are similar.

  1. Flattery – Fifteen are compliments on my wonderful writing, the lovely layout of the blog, or the great music I’m sharing. It’s boilerplate text: I get the same compliments over and over. (I include the ones asking for suggestions for tools to keep the spammer’s blog free of spam in this category. There are two of those in the current batch.) Oh, and let’s not forget the ones who claim I visited their website and they’re just returning the favor. That’s so nice of them. Why do they all think I’ll be flattered when they go on to tell me they’re planning to steal my content to enhance their own sites? (The e-mail equivalent of these comments are the attempts to offer me loans at ruinous interest rates by telling me how wonderful my credit score is.)
  2. Offers to help improve my site – Four are offers to sell me search optimization tools or pre-optimized content. I love those latter ones: no reason why I should go to all the trouble of writing content, right? Just buy schlock that used to be high in Google’s rankings and I’ll make a fortune from the ads on my site. Because of course the only reason anyone would have a blog would be to use it as an ad farm. Note, by the way, that none of the links in the four spams in the current batch actually lead to sites selling SEO tools or SEO content. Two are selling clothing, one is selling fake rolexes, and the other is, I think, offering some kind of dietary supplements. I’m not certain about that last one. The site is in French, a language I don’t know.
  3. Sales pitches – Four are flat-out sales attempts. Typically three-quarters of them are a long list of links, and the rest are a short blurb about what they’re selling.
  4. Other – I’ve got four of them in this batch. Three are the kind of word salad we’ve laughed about in previous posts. I’m particularly amused by the attempt to sell Louis Vuitton suitcases by telling me that scientists believe the cause of “the disorder” is a viral infection. I infer that the disorder in question is the need for designer luggage. Or maybe the need to send spam.

So, twenty-seven spams. One using a method I haven’t seen before: someone in Poland is trying to sell space heaters by telling me that he’s not satisfied with the content on my blog. “I have not identified what I desired,” he assures me. I’m tempted to send him U2’s latest album. Maybe that’s what he’s looking for.

Why do they keep trying the same techniques over and over, usually using exactly the same words? Do they really get enough clicks to cover the cost of renting the software that spreads the spam? (I’m not even considering the cost of the website they’re trying to lure us suckers into visiting.)

I doubt it. My suspicion is that spam has reached the point where it becomes self-sustaining. People see how much of it there is, figure that if there’s so much, it must be because it works, and they send their own hoping to get rich quickly. That means more people see more spam, and jump on the bandwagon. The only ones getting rich, of course, are the ones who write the spam-sending software.

Dangerous Spam

Last week I did a grouchy post on Tuesday and a more cheerful one on Thursday. That seemed to work out pretty well, so I’m going to do the same thing again this week. If you don’t want to listen to me bitch, skip today’s post and come back next time.

Still here? OK, let’s go. This is a post about blog spam, but unlike the first ones, it’s not an amusing one.

Last week I was reviewing the comments that had been trapped by the spam-catcher software, and noticed that a comment on the kidney stone post had been flagged. The entirety of the comment was “Is it possible to get off kidney dialysis? Australian specialist says it is.” I saw that and started banging my head against the wall. Kidney stones have nothing to do with dialysis and vice versa. Clearly the comment had been left by an automated spamming system that triggered based on the word “kidney”.

Out of morbid curiosity, I checked the link. There was also a link to a Facebook post which had around 600 likes (as of this writing, it’s up to 671 likes). The post consists of exactly two sentences and a link hyping a “man [who] managed to reverse CKD”. There are three comments on the post, one written by the original poster.

That link in turn leads to a post by a man who claims that by following a “great program” that “is really suitable for everyone”, he avoided a kidney transplant and even got off of dialysis. Big red flag, folks. There’s no such thing as a “program” or course of treatment that’s suitable for everyone. Any medical treatment needs to be customized for the patient; for example dosages need to be appropriate to the patient’s age and weight. Similarly, there is no such thing as a treatment that’s suitable for all stages of a disease. In this case, the post claims the same program is good for “impaired kidney function”, “on kidney dialysis”, and “kidney failure”. That’s like saying “this treatment is good for paper cuts, haemophilia, and decapitation.”

Of course, there are comments from a few people who claim the same program worked for them too. Even assuming they’re real comments and not fakes written by the original poster, there’s no evidence that the “program” had anything to do with their recovery–or even that they were really ill in the first place. (I’m not even going to go into the whole “the plural of anecdote is not data” thing; just keep in mind that a bunch of testimonials are not the equivalent of a formal test.)

So what is this wonderful “program”? Well, according to the link, it’s a “100% guaranteed solution” that includes “Ancient Remedies, Not Commonly Known” developed by an Australian “Naturopath, Nutritionist, Herbalist, Medical Researcher, and Author”. It goes on to claim that doctors are flat-out wrong when they say that damaged kidneys cannot be healed, and that the program is suitable for any of a long list of kidney dysfunctions “or even if you don’t know what type of kidney function loss you have” (emphasis mine). In other words, this program will help you even if you only suspect you might be sick! What a wonderful boon to mankind.

Then there’s this delightful piece of misinformation: “You can be assured of the safety of every product you put in your mouth or on your skin when you know that it has been proven by clinical trials.” Folks, some of the most effective medications out there are incredibly toxic. A clinical trial simply shows whether or not a given substance is effective in the treatment of a condition. It says nothing about the safety of the substance, especially when it’s administered in uncontrolled conditions by someone with no medical training.

I could go on and on–and did in an earlier draft of this piece–but I think the bottom line is this quote from the bottom of the page:

The way I see it, you have two choices: 1) You can keep feeling tired and depressed all the time, keep wasting money on doctor’s bills, taking drugs, etc, etc … or 2) Try [name deleted] completely risk free and begin experiencing greater energy, increased GFR, less or no fluid retention, positive outlook and all other health improvements that go with this. The choice is yours.

In other words, you can continue medical treatment backed by generations of careful scientific study, or you can trust your life to someone who doesn’t understand science and claims to be able to do something that nobody else in the world can.

This scammer and those of his ilk are, quite bluntly, evil. They make the bottom-dwellers like Sylvia Browne look good. Sylvia’s heirs will take your money and destroy your spirit; these scum will take your money and kill you. IMNSHO, a rational society would prosecute the perpetrators of this sort of garbage for fraud and attempted murder.

Please don’t fall for this scam or anything like it. Follow your doctor’s advice, not that of a random miracle worker spamvertising on the Web.

One final note: I’m torn about whether to include the villain’s name in this post. On the one hand, I don’t want to give him any publicity, but on the other hand leaving his name out makes it impossible for someone to potentially save their life by stumbling over this page. If you have thoughts one way or the other, please let me know in the comments.