Wednesday, September 29, 2010

Spamming, Grooming, and Shilling - Understanding the Internet

A lot of people are just learning how to drive on the information superhighway.  The trick is to get where you are going without getting run over.

UPDATE:  Since I wrote this more than a decade ago, people are pretty much all on the Internet - and kids get their first smartphone at age 3!  Yet, today more than ever, people fall for Internet tricksters, cons, and trolls.  Not much as changed, even as everything has changed!

* * *
 While it seems like nearly everyone is on the Internet today, a lot of folks, particularly older folks, are just now starting to explore it.  And unfortunately, they are prime bait for the sort of nasty people who now populate the Internet, looking for folks to rip off.

Relax.  The Internet isn't all that scary.  But just as in any town, there are certain neighborhoods you don't want to walk through after dark, there are things about the Internet that any "newbie" - or even experienced user - should know.

Once upon a time, not too long ago, the Internet was a small community of mostly computer geeks, who lived by a certain set of unwritten rules.  Certain things just weren't done!  As a result, much of the Internet was designed (or not designed) with any checks and balances.  While people behaved in a certain way - because the community was a certain size - there were no physical or electronic limits on what people could get away with - to some extent.

By the mid 1990's, we started to see a lot of non-traditional users starting to utilize the Internet for the first time.  And for the first time, the Internet became a place for advertising, commercial activity, pornography, and criminal activity.  It seemed with every new day, some new scheme, virus, worm, spambot, or other annoyance, was being contrived.  The small-town community of nerds who could shame each other into behaving properly, was gone for good.

The Internet is too powerful to simply walk away from.  You need it today, to book a flight, get your boarding pass, rent a car, balance your checkbook, send and receive messages, and increasingly, get the news, download television shows or movies, talk on the phone, or whatever.  In addition, the Internet allows you to do research on a number of things, from basic pricing information, to the rules of Mahjong.  Living without the Internet puts you at an economic disadvantage, just as living without a cell phone is very, very hard these days - now that pay phones are gone.

The following discussion is by no means a complete encyclopedia of things to watch out for on the Internet.  But it highlights some common things you should look out for.
1.  Spamming - One of the very first annoyances on the Internet was Spamming.  In the old days of "newsgroups" you could go online for a discussion of anything from particle physics to cake recipes and post and read messages about that topic.  One day, in the early 1990's, you might notice a posting with an advertisement in it, particularly one off-topic.  The users rose up in arms!  At first, the users who posted SPAM were shouted down, or their userIDs revoked.  But that honeymoon lasted only a short while.

Within a year or two, there was so much SPAM that you couldn't keep up with the attempts to stop it.  And the SPAMMERS came up with clever ways of hiding their tracks, so they couldn't be found and shut down.  Pretty soon, most Newsgroups were nothing but SPAM and the SPAMMERs shut them down.

SPAM, of course, is a reference to a Monty Python comedy bit, which reflects the entertainment interests of the computer geeks of the time - introverted, slightly overweight, pasty white males who had every line of various Monty Python bits memorized.  And the name stuck.

But SPAM didn't end there.  People stopped using the Newsgroups mostly, and today they are pretty dead.  If you are looking for a discussion group on a topic, chances are, it is on a moderated website.  Most of these sites monitor for SPAM, but increasingly even there, the SPAMMERs get away with murder.

In many cases, they cleverly hide their messages, and use SPAMbots (automated programs) to patrol the Internet, looking for discussion groups, and then automatically posting messages promoting a product.  And usually, these efforts at SPAM are completely transparent, because they include a link to a commercial website.

For example, on one car board, a message about battery "charge" was responded to by a SPAMbot with a message about charging the air conditioner.  The 'bot was clearly programmed to look for the word "charge" without context.  Making it even more clearer was the fact that the same message was posted several times at once on the site.

SPAM also takes the form of e-mail SPAM, and if you are on the Internet long enough, you will  get SPAM e-mails.  Fortunately, modern e-mail programs, particularly web-based ones, will filter out and delete most SPAM messages.  It goes without saying that you should never buy products or services from someone send you an unsolicited e-mail as it only encourages more SPAM.  In addition, as I have noted before, any economic transaction predicated on a LIE is not going to get better as you go along.  The SPAMMER has already shown you what a low-life he is by SPAMMING you.  Why would you expect him not to cheat you later on?

Today, advertising on the Internet is becoming more and more sophisticated.  And the term SPAM has come to mean almost any advertising on the Internet.   But SPAM is still SPAM, and much of what is heavily advertised on the Internet is basically a raw deal.  If you see an ad on Facebook, chances are, it is a raw deal.  You see an ad on Google, pretty much it is a raw deal.  If you get an e-mail SPAM message, chances are it is pretty much a raw deal, if not outright CON.

And of course, you have to look carefully to tell the difference between the paid ads on the Internet and real links.  Advertisers try to make their ads look like article links or Google hits.  Again, deception - and if you are foolish enough to do business with someone who snags you based on a cheap deception, who is to blame when it all goes horribly wrong?.

It is the same, however, in the "real" world - ads in the back of Smithsonian for "Gov't Gold" that are faked up to look like magazine articles.  And almost anything advertised heavily is usually a raw deal these days.  Good deals don't need advertising.  Bad deals do.  So that SUV that is hyped on television with "low, low lease rates" that are good only this weekend - that's a raw deal.

So the Internet is no better or worse than "real life" in that regard.  You have to be astute and walk away from shiny lies and shaded truths.  As a general rule of thumb, I never, ever click on an advertised link or use the services of a company that advertises heavily on the Internet.

2. Trolling is a name given to an odious behavior that occurs in discussion groups, and while harmless enough, is sort of like being called names in High School.  The troll will post something in a group that is designed to get people all riled up so that they post angry responses.  It is a classic form of baiting.

This sort of behavior started occurring at about the same time that SPAMMING came into fashion.  Discussion groups were being populated with more and more "newbies" and were becoming more and more anonymous.  Some folks took to trolling in the same way kids call each other names in High School - as a means of baiting someone into responding.

Of course, it is pretty silly stuff, and no economic harm can come of it.  But it does illustrate that discussion groups, like social websites, can be huge time-wasters for many people.  If you find yourself being drawn into such a discussion, chances are, it means you are spending too much time on the Internet.

UPDATE:  Since I wrote this, trolling has gone pro - to advance political agendas, affect international politics, destabilize entire countries, or advance economic interests and protect the reputation of corporations.   Life was simpler back in 2010!

3. Phishing started about the same time, or shortly thereafter.  It was not hard to do - you send out an e-mail to someone saying that your account has been "hacked" and by the way, can you tell us your password?  At first, these might have been pranks, but they quickly escalated into major criminal activities and are the #1 source of trouble for newbies on the Internet.

The idea of Phishing (which derives its name from fishing and the band of the same name) is not new.  In the old days, con artists would call old ladies and say "Ma'am, I'm from the fraud department at Citibank, and your credit card has been involved in a number of suspicious transactions."  In short order, they convince the victim to hand over the credit card number, the expiration date, and any other information needed to use the card fraudulently.  They may go so far as to tel the victim that they will let the "criminal" charge several transactions on the card as a means of ensnaring them - but the real reason is to prevent the victim from having the card canceled.

The Internet has just made this easier to do on a more massive scale.  Most of these Phishing schemes involved phishing for passwords to e-mail accounts, so the criminal can send out SPAM messages or virus messages to the mailing list of the recipient.  The recipient opens the message, thinking it is from a friend (and thus not a virus) and a worm or virus is loaded into their computer.  The criminal then can take control of the computer (as a background job unnoticed by the user) and use it as a platform for sending SPAM or hacking into other systems.

Other phishing attempts are more direct - they solicit credit card or banking information and PIN numbers so the criminal can steal directly from the user.

Avoiding these scams is not hard to do.  No company will ever send you an e-mail asking for your passwords or other information.  If you do get one, log out of the Internet and then open a new browser window and log into the company website using the regular link you use (which you should bookmark to prevent accidentally logging into a "typo" website) and see if the issue is legit.  If at all in question, CALL the bank or other agency directly.  NEVER EVER just "click" on a link in an e-mail purporting to be from your bank, credit card company, or whatever.

And it is not hard to copy the logos and formats of legitimate companies in an e-mail.  So even if an e-mail "looks" legit, don't fall for this form of Social Engineering.

4. Social Engineering is the name given to the technique for obtaining information from users.  Many people believe that a "hacker" can just randomly break into their computer at whim.  But if you are using a firewall (usually built in to your router) and don't download virus loads, then it is very hard for someone to "hack" into your system.

The term Social Engineering was used to describe how hackers break this last link - by getting the victim to willingly hand over password and other information so as to allow the hacker entrance into their system.

Again, these may be official sounding e-mails or the like that warn of dire consequences unless you hand over your password and other information ("Hotmail will close your account unless you re-activate it now!").

5. Toxic Websites bear special mention.  These are websites that, when you visit them, may produce a pop-up message that fakes a windows error message.  The fake pop-up will look like a real windows error and say "Windows has detected the presence of a virus!  Click here to scan!" or something to that effect.

But of course "Windows" has not detected a virus (Windows does not have that capability) but instead the fake message is generated by the website.  When you click on the link, it downloads a toxic program into your computer that could be a virus or other malware.  But usually the gag is, they want $39.95 for software to "remove" the virus.  When you pony up the dough, they steal your credit card number, and then load the "virus cure" which is more malware.

Google and other search engines are getting better about filtering out such websites, and on Google in particular, such sites may be blocked or a message will pop up asking if you really want to visit the site and giving you other warnings.  Note that such sites could purport to be anything, from pornography sites to IEEE publications.

6. Grooming is a name given to two internet techniques.  Pedophiles may "groom" young people online.  But that is not what I am talking about here.  Rather, I am referring to companies that patrol the Internet to "groom" their image by posting messages on websites and discussion groups, either anonymously or under fake names - or under their own name - either disputing negative information about their company, or lauding their own company.

Often, one goal of grooming is not to refute the message criticizing the company, but rather to attack the messenger by baiting them with personal attacks.  The idea is to paint any criticism of their company as unreasonable or irrational.

There is nothing wrong, of course, with a company refuting allegations that are untrue or responding to allegations with contrary information.  What should be a tip-off, however, is when a company spends more time online grooming its image than providing better customer service.

Companies that use saturation advertising often are selling bad bargains, and they need saturation advertising to constantly get new customers.   Companies that spend a lot of time grooming, in my opinion, are also suspect.  If you have a quality product or service, you don't really care what someone says about your business - you will get customers regardless.  But if you have crappy products or services, then grooming makes sense - as you don't want the real word getting out about your company.

When looking at postings online, consider the nature and frequency of grooming posts and it will help you understand what is really going on.

7. Shilling is a term from the auction business, and it refers to a person in the auction audience who actually works for the auctioneer, and "bids" on items to pump up prices or to prevent an item from selling for below a certain price.  Auctioneers use shills to manipulate the audience and also insure higher prices for items sold.

On the internet, there are shills on auction sites, although on most sites (eBay) it is illegal (although hard to trace!).  It is not hard to call a friend and have them bid on an item to jack up the price.  I've never done it, of course, but others could and surely do.

But shilling also refers to someone who goes online and pretends to be a disinterested consumer and posts a laudatory post of a good or service, in order to generate business.  And it works.  People will read a laudatory review of a product and it generates traffic.

When you go on a site and see postings like that, take them with a grain of salt.  Many companies practice this odious technique to generate sales for themselves.  For example, in the automotive accessories business, shilling goes on all the time on car boards.  A supposedly disinterested customer will say "I buy all my parts fromXYZ company!  They are the best!" and then some other user will note that the IP address of the poster was the XYZ company server.  Most shills are not that clumsy, of course.

Manipulating public opinion is the goal of any advertising man.  If you can take a woman's cigarette and then do an ad campaign with cowboys, well, pretty soon, you've created "Marlboro Country" and sold what was a ladies' product (with a red tip to hide lipstick) as the ultimate in manly consumption.  That's all very well and fine when ads are ads, and not subtle product placements.

But shilling, like product placements, flies under the radar.  If you are not astute, you don't even realize you have been had - ever.
The Internet is a powerful tool that can liberate you or enslave you, depending on how you use it.  For me, it is a portal to my work life, my financial life, communication, research, entertainment, and even socialization.

However, in using the Internet, you have to be astute and question the premise of a lot of things presented to you.  Taking things at face value - whether they be a social engineering e-mail, a phishing bait, a shilled posting, or some corporate grooming - is sure to cause you grief.

SOME SPECIFIC SUGGESTIONS for Newbies:
1. Log on to www.snopes.com every few days and read about the latest updates (and real information) on rumors, internet scams, and virus scares and the like.  You will learn about things going on long before they end up in your inbox, and also recognize cons. (UPDATE:  Since I wrote this, Snopes has gone down the toilet. The Internet seems permanent, but it isn't.  Something that keeps Zuckerberg up at night!)

2.  Install Spybot Search and Destroy (and not some similar sounding product or advertised website) and immunize your system and check for problems, at least weekly.  Update it regularly.  It is FREE.  If you go to a site that sells "Spyware Doctor" or some such nonsense, or charges for the software, you are on the WRONG SITE (note that on Google, the "advertised" link is NOT to Spybot!).  You can DONATE to Spybot, but they do not REQUIRE payment. (UPDATE:  Most operating systems now have built-in virus scanners and Spybot and other virus scanners are redundant.  Just be sure your built-in scanner is enabled and updated periodically!)

3. Also install Malwarebytes and do the same.  There is a FREE version of this (see link) and a paid version. (UPDATE: Ditto of above).

4.  Use Yahoo mail, Hotmail, or  g-mail or another web-based e-mail which has a built-in virus scanner.  If you do this, you probably don't need to pay McAfee or some other company for a computer-slowing (and data harvesting) "anti-virus" software.  All attachments you receive will be scanned automatically.

5.  Avoid forwarding e-mails with rumors, funny pictures, or the like.  It only makes you look like a doofus to others, and clogs other's inbox.  If you really want to do that sort of thing, facebook is a better venue than e-mail (UPDATE: Except for you half-assed conspiracy theories and anti-vaxxer nonsense!).  The Internet is a powerful tool.  Don't use it for silly stuff like that - you are more likely to download viruses and other garbage from forwarded e-mails than anything else.
Be skeptical and be careful!  And good luck!