False Advertising ???

by Fred Showker

60-Second Window True or False : Designers have disappeared from the web advertising world because they're no longer needed. After all, who needs a designer when you can blatantly use false advertising to entrap your audience to click. Good question?

On the internet, it's getting more and more difficult to separate the truth from the false. What is "false advertising" ... if you don't know, here's a brief explanation from Wikipedia:

Quoting  begins False advertising or deceptive advertising is the use of false or misleading statements in advertising. False advertising, in the most blatant of contexts, is illegal in most countries. However, advertisers still find ways to deceive consumers in ways that are legal, or technically illegal but unenforceable. (more)Quoting  ends

POP QUIZ : Which of these are false advertising:

  • Free Porsche : register here
  • END back pain forever, Guaranteed!
  • Get Girls without even trying!
  • Comcast Fast Internet, just $12.95 per month!
  • New Rule in Virginia - Harrisonburg - If you pay for car insurance in Virginia

this Yahoo ad claims to be from Virginia If you answered "all of the above" you would be correct.

But a lot depends on context, and a lot depends on who is watching. At face-value, the "Virginia" ad (at right) reads easily true, with no hint of false; yes and no. The problem is, the consumer doesn't know. Neither does the advertiser -- they don't need to know because they don't care. If you log into this page from any other state, it applies to your state as well. Read on.

The Big Lie

I got so tired of seeing these ads proliferating -- from insurance to companionship and sex -- I decided to chase this one down; as seen here. Do you think viewers are compelled to click ??? You bet. So I dug deeper and investigated the code of the ad, the code of the page, and the programming involved all the way through Yahoo, and out to the providers of the players. This slick scheme involves a number of players to pull off the scam.

My investigation proved that the words "Virginia" and "Harrisonburg" do not appear anywhere in the code for this page; or in the ad code; or in the target page's code. This ad does not exist until someone "sees" it on their web page. This code is embedded in the page -- an iframe -- which is a 'window' through to the Yahoo ad server where the actual code for the ad resides. As I tunneled down through the layers and layers of link obfuscation I began seeing a concerning pattern. While the players seem legit enough, the patterns and model are strangely the very same as many cybercrime phishing and malware models. Here's the arrival code, and the investigation turned up nothing about Virginia or Harrisonburg here either. This script inserts the name of the state on-the-fly, so it applies to everyone.

The website (insurance.comparisons.org) which is the TARGET of the ad resides on a 'virtual' server IP address in the "cloud" -- so it's not trackable by my capabilities, and it's being harboured by a domain-masking company known for harbouring cybercrime sites to avoid identification. So, we really don't know who these people are. They've already lied to us TWICE. So they don't have much credibility. The link goes through Sitescout.com an ad serving company that features "Geo Targeting". (Geographically target ads to users based on city, region or country.) Sitescout.com is a GOdaddy.com site. But guess who is doing their DNS? Amazon.com. Interesting bed of thieves.

I posted this infographic to the DTG Facebook Group and enough people went and clicked the ad until it disappeared from the page. Many reported back that the ad had THEIR state listed rather than Virginia. So that was the acid test of the scripting. Yes, it does entrap the consumer. So, let's take this one step further. EVEN IF YOU DO NOT click on an ad to get to the site, you're come to Comparisons dot org home page. There's no reference to who this is. No FAQ, no 'about' no indication at all about this site other than the "Enter your Zip Code" ... so, you have to enter the zip to even get in ... BAM-BINGO, when you click "Continue" they've got you! If you continue through their series of questions, you've given them about $25 worth of sellable data. They're not in the insurance biz. They're in the business of selling YOUR data. Some ventures will pay up to $25 a pop for that data!

In their policy, Yahoo! sez :

Quoting  begins Yahoo! may use your searches, demographics data, and location information to select the ads you see. To manage your location, please visit Yahoo!'s Location Management page. Quoting  ends

So, unless you've opted out, they are following your every move. Click into Yahoo's info.yahoo.com/privacy area to find out more. And remember, most honest sites will have a similar area where you can opt out of such evils.

UGNN SafeNetting Again I caution you -- be careful what you click, and where you click. Sites these days expose you to all kinds of malware, phishing, stalker and predator links. Careful of those little popups in the text, (Usually with two green underlines) and be suspicious of any links, ads, or graphics that say "download" or "enter your zip code" or other intrusive information. Protect yourself at all times!

Fred Showker, avid spam tracker and online crime fighterAnd, thanks for reading

Fred Showker

Don't forget ... we encourage you to share your discoveries with other readers. Just send and email, contribute your own article, join the Design Cafe forums, or follow DTG on Facebook!

30th Anniversary for DTG Magazine