In the realm of tactics used by fraudulant affiliates (those persons/entities who use affiliate marketing but damage our industry) it never ceases to amaze me the amount of work and effort a fraudster will do for a few quick bucks. Only this time, I’ve seen it myself. First Hand… And someone at one or more networks had to have known about it.
You see, last summer I went somewhere with my son. “Guys day out”. And we were greeted at the entrance of a public venue and asked to register on our way in. Okay, free event, I get it. They had a couple tables with computers with new screens/keyboards. So I go to the screen and proceeded to register into the event. Okay… this looked familiar.
Way too familiar! It was a web browser in “kiosk” mode where you were supposed to put in your name, email addy, phone, etc. So, I used a Google Voice number, a spam bucket email addy, etc. And later when it wasn’t so busy I saw a guy that was obviously in charge of the registration area. I chatted him up. Got a touch “techy” and found out they were a “outsourced” company for doing registrations. The computers were connected (with a switch/hub) to a WiFi setup. Cool… I asked them what they charge for doing this and was told that their “fee” was sharing the registration data with the event promoter… Huh? Where’s the profit in that?
I asked them how they could do that? I was told that the surveys went through a “survey company” that paid them for the opinions. That made me curious… So I walked back later and put in a bogus registration and paid real careful attention to the screens….. AHA! I got the URL…..
After getting home I went to that URL and really checked out every page, read their code, etc. That second email address “verification” line?? Yup, it was in an iframe.. But the first one wasn’t. I smelled “email submit”. Then I saw some curious javascript… And without the server side I can’t be totally certain.. But. Given the uptick in email in the “spam account” I think about 4 email submits happened. I also think a zip submit or two happened as well. And curiously enough, .edu offers started flooding the spambox email account.
Now, that WiFi couldn’t have had more than one IP address… So here’s what I think was really going on. Whoever was doing the registrations sold the promoter on being their registrar for the free event. Then the “registration company” was using some clever page javascript to effectively “multiplex” answers to the registration and “survey” questions… And putting in multiple email and zip submits to affiliate programs.
How much money would that be? Let’s say two email submits and two zip submits (and all the email addys to a targeted list) for the 3000+ people attending the event?I’m guessing $12000.00 or more. Not bad for a days work. And just how did all that happen on a single IP address???? The network carrying the offers had to know. A call or email with an AM at one or more networks asked by the “affiliate” who told them they were doing registrations and wanted to offer an “optional” survey or offers, etc.
Pretty fraudulent if you ask me. If they took the registration, asked if I wanted to take an optional survey, then be shown “Would you like information from these companies”? and offered the choice to submit my info or not? Okay. To mask it all and the networks not stopping it dead in their tracks… Not good.
I don’t know which networks in this case. It was a year ago. But the network had to know. I’d place odds on the “affiliate” chatting up an Affiliate Manager with some BS story to get permission to do it. And just what AM in their right mind would approve of this? One that either didn’t care where the submits/clicks came from, or just too lazy to think things through. And a “Compliance Department” that isn’t being run well at all.
Start discussion.....