Avoiding Online Scams

Recently there's been a large surge in the amount of advertising emails we've received requesting we buy their sketchy online services. The purchase rate on online emails is absurdly low and at various points have been quoted as being as low as 0.01%. However given how cheaply each email can be sent, it can still be profitable for a company to send out several million of them.

Our problem isn't just with unsolicited mail, but with the kind of unsolicited mail that's obviously a scam; the kind of email that's so shady looking it's actually a bit insulting to think that there's someone who thinks you might look at it and decide to buy. This article will chronicle the content we receive through our inbox and hopefully showcase how to spot the giveaways between legitimate advertising and a fly-by-night company.

If this encourages these companies to up their game and send better correspondence then that would be good too.

To spoiler everything, here's our advice. Never do this. If you're tempted to send out a mass email campaign literally to the entire internet then just don't. If you're running any sort of business then you want to create a strong reputation among your customers as well as finding them with highly targeted marketing. You need to know who your audience is and then market only to them as accurately as possible, that's why services like SEO and the better class of marketing firms are so useful. Having thousands of hits to your page doesn't help you at all if none of them are people who would normally be interested in your product or service, neither does it help your company reputation to be known for your spammy services and for the first meeting between you and a client to be the equivalent of a thrown brick with a note attached to it. Some of these emails come from marketing agencies, I'd be terrified to be represented by these groups if that's how they find customers for themselves, does that mean that they'll do the same if I sign up with them?

For any business your success is measured largely by how many new customers you bring in as old customers drop away. Ideally you'll never lose any customers, or very, very few from unavoidable situations, and your customers will in turn recommend you to their friends which is the best kind of marketing you can possibly get. The opposite of that is "churn and burn", where you bring in new customers and milk them as much as possible before they realize how bad you are and drop away, while telling everyone to stay as far away as possible. Unfortunately this second kind of business is easier to run in the era of the Internet, where larger audiences can be reached far more cheaply than before, but there are many problems with this model not the least of which that these businesses will almost inevitably go bankrupt in a fairly short span of time.

Exhibit 1

This is actually one of the less offensive examples we've seen so far.

Obviously, point one, is that it's being sent through the customer contact form. So automatically that's a huge negative against whatever they're selling. Point two, and this applies to everything on this page, is that it's obviously an automated solicitation. We'd be much more responsive to someone if they were actually reading the website and pitching to us directly instead of spamming the internet with an automated bot.

The main problem I have here, is that the link is a bit.ly link, NEVER click a bit.ly unless you are absolutely stone cold certain that you know where it goes. It implies that it goes to a site called 'fitnessmystatussymbol', but the actual site is bit.ly, and everything after that is a name, not a description. So really you don't have any guarantee of what's on the other end and what exploits are going to immediately run against your browser when you arrive, and really, if it's a legitimate site why are they hiding where it's at.

We've also emailed the resulting email to try and figure out if it really is Anita sending these emails out, but so far we haven't received a reply.

Exhibit 2

The first thing that you might notice about this communication, is that it has no name. If you're sending a message to someone, for a legitimate reason, it makes sense that you'd put your own name down as the person who it's from. This alone tells us that a bot is involved here.

The email is suspicious too, it has a firstname.lastname format, then a year, which is probably supposed to be a birth-date? Which would make them 26? To paraphrase CIA power-point presentations, "you are not supernaturally attractive to total strangers". Obviously everyone has their own admirers if they realize it or not, and many of us can benefit from more self confidence. That being said, regardless of your gender or sexual preference you should be immediately suspicious of any unsolicited offers that come out of the blue over the internet. This applies to email as well as it does over Facebook, Instagram or Twitter. On the internet no one knows you're a dog. A very useful website to know is Tineye, which lets you upload an image and be able to see any websites that this image also appears on. If a romantic prospect appears out of the blue and sends images, Tineye will let you immediately confirm if it's simply an image they downloaded off a website.

The context is creepy. Her apartment? What? Remember, this came in over the internet through a website's contact form. There's no way this is a targeted email to one single site or person, it's too vague, so odds are that literally millions of this exact email went out, we've received at least 5 of these so far, so if someone's paying a third party to have them sent, they're getting ripped off.

Don't click any short links. Short.cx is right up there with bit.ly in terms of things in emails you should never click on.


Exhibit 3

Everything that applied regarding the names in the previous emails applies here as well. It's not a name from a real person, or even just a company.

There's no domain on the email. If you're pitching someone as a company, then the emails you send out have to come from that company. If you're "sketchyonlineservice", then in theory all your emails have to come from a real person with an email like realperson@sketchyonlineservice.com. There's a few possible flags there too, for example a .com.au domain requires your company to have an Australian Business Number when you register the domain, which confirms that the people who that page points to are an operating business that is directly linked to the name of the domain that they've just bought. You can get a domain from $3 for the first year and an email linked to it from $13 for the first year (GoDaddy and Zoho respectively), if these people aren't even willing to pull together $16 for their business that means that they're planning to cut and run and don't want their name on anything. A huge red flag.

More backlinks are not better. Everything else aside, more backlinks are not always a benefit to your site anymore. Google's search algorithm is not that simple, and having too many questionable links to your site can get it flagged as being "spammy", which imposes a penalty. A few links are good to prime the pump, but beyond that you need links stemming from keywords inside relevant articles. Just a link by itself is not a huge gain. These guys aren't doing a favor.

They want to be paid in Bitcoin. This is a huge red flag, the only reason that a company wouldn't want to take PayPal or Shopify payments is because Shopify, PayPal are traceable, provide refunds, track which companies have complaints placed against them and show up on government records. Bitcoin isn't as anonymous as people think, since it's perfectly possible to track a Bitcoin payment, however Bitcoin is like elctronic cash, it has no method to get a chargeback against a seller if they don't deliver or the product doesn't work. EasierIT for example uses PayPal and bank transfers, which also supports Visa and credit card payments. This provides a paper trail, but that's not a problem as we're a legitimate for-real company that pays taxes.

The email heavily implies that the work has already been done, but I can track which searchable backlinks are pointing to this site and I know for a fact that the backlinks haven't changed recently. So it's possible that they do the work once they receive the payment, but it's far more likely that this is all a fly by night enterprise that won't do anything once they receive the money as bitcoin has no method of getting your money back and there are no real people's names anywhere on this email. If you were to send them money, it would almost certainly just be gone.