Online retailers' fake news problem
The scourge of spurious headlines and bogus information hasn't just plagued politics and politicians over the past year, it's also become a menace for American businesses.
Online criminals and fraudsters聽are impersonating real companies by pedaling聽online deals聽and promotions to dupe unsuspecting consumers.聽Clicking links in these phony offers聽delivers malicious software designed to harvest personal and financial information,聽according to research by聽cybersecurity firms.
While fake news stories聽promoting聽Hillary Clinton聽conspiracy theories聽ricocheted around the web ahead of last month's election, social media platforms have been 鈥 and still are 鈥 passing around fraudulent ads.聽
"The echo chamber of fake news is the same as the echo chamber of holiday offers and coupons," said Evan聽Blair, cofounder of the firm Zero Fox that tracks social media scams. "There are hundreds of examples out there 鈥 maybe even more."
Researchers see the scams taking many forms. Phony advertisements and promotions circulating on Twitter and Pinterest are the most common outlet for cybercriminals interested in extracting money from consumers by getting them to purchase goods and services they will never receive.
Other criminals play a longer game: using enticing offers and stories to trick consumers聽into聽clicking a link that will install a malicious mobile application on their phone, or give up the username and password they use to access a social media or聽e-commerce聽website, Mr. Blair said.
One phony ad聽circulating on Twitter promised Bass Pro Shops gift cards. But the聽link for the gift card to the sporting goods retailer聽instead delivered聽a聽malicious Android application. Bass Pro Shops told Passcode that it monitors social media for accounts that聽misrepresent the company's brand online. (Customers who aren't sure about an offer can contact the retailer at 1-800-BASS-PRO.)聽
Other tweets promoted聽coupons for retailers such as Kroger, Macy鈥檚, and Hertz Rent-a-Car. But when Twitter users clicked the ads, the sites secretly collected their personal information before giving them a fake coupon, according to the Zero Fox research.
As with the fake news, retail scams are benefiting from the popularity of Facebook, Twitter, and Pinterest. And, all too often, users of these platforms click 鈥 or share 鈥 first and ask questions later. Fraudsters may benefit from misplaced trust聽that many Facebook and Twitter users place in the ads that show up on those platforms.聽
In one recent example, false stories and promotions about money from the purchase of deeply discounted Ray-Ban sunglasses going to The Nature Conservancy have been circulating on Twitter and Facebook for months.
Cybercriminals are also getting more clever and mixing up their tactics in an effort to deceive consumers.聽Researchers at the digital security firm RiskIQ have noted an increase in the use of internet web addresses that may make scam sites seem more legitimate. For example, the fraudulent site could include the names of legitimate retailers in the web address. For instance, a (fictional) URL like this:聽http://homedepot.scamcoupon.com聽may look like it belongs to the home improvement giant, but is really a part of the web domain聽scamcoupon.com. Clicking it would be聽unlikely to聽bring you to the聽real home improvement store.聽
That practice, which RiskIQ terms 鈥渟ubdomain infringement鈥 is available to anyone who controls a web domain. Unlike registering聽imposter web domains, it is聽invisible to the broader internet and the affected brand, at least until complaints start rolling in, said James Pleger, RiskIQ鈥檚 director of research.
Fake news websites use a similar approach. During the presidential election, for example, sites such as聽聽used subdomain infringement to play on the identity and reputation of established news outlets while pedaling fabrications. The ruse works because most Internet users cannot spot the difference between the real聽website鈥檚 address ()聽and that of the fake (that telltale .co top-level domain in the example above).聽
The tactic is gaining traction as the increasing use of mobile devices聽to browse web content聽makes less of the actual web address (or URL) visible聽to the reader.聽Less screen real estate makes tricky URLs harder to spot, Mr. Pleger said.
Like the problem of fake news, solutions to the fake promotions and brand impersonation problem aren't simple or straightforward, experts agree. Social media platforms and retailers that use them need to pay more attention to internet traffic patterns to spot emerging scams.聽Consumers, says聽Pleger, need to be more vigilant.
The problem isn鈥檛 one that you can simply 鈥渢hrow technology at,鈥 he says. 鈥淧eople need to own their security and integrate it into their lifestyle ... . They need to stop and think about what domains and URLs are and start asking where their content comes from.鈥
