The Dark Side of PPC

Just as SEO has its evil twin, blackhat SEO, pay-per-click has click-jacking fraud. Click-jacking is when web users are tricked into clicking on web pages and revealing information, including their names and passwords. Other goals include tricking users into making their social networking profiles public, sharing or liking Facebook links, or following someone on Twitter. The Federal Bureau of Investigation recently concluded a two-year investigation, bringing down a multimillion-dollar click-jacking scheme.

The far-reaching plot affected four million computers, including 130 NASA computers and those belonging to governments, schools, and businesses, and raked in over $14 million, or £8.8 million. How did they do this? The cybercriminals (six of whom have been apprehended) redirected computer users from legitimate sites to rogue sites. The payoff was advertising revenue: the criminals were paid each time users clicked on links on these sites or the ads were displayed.

The malware used by the criminals had several functions:

  • Redirect the users to rogue sites.
  • Prevent popular websites, such as Amazon and iTunes, from displaying their content.
  • Place large ads on sites like those mentioned above in place of their regular content.
  • Prevent users from accessing antivirus sites and removing the malware.

Computers in 100 countries were affected.  An FBI agent involved in the case said, “They were organised and operating as a traditional business but profiting illegally as the result of the malware.  There was a level of complexity here that we haven’t seen before.”

Can computer users protect themselves against click-jacking?

  • Make sure your browser and add-ons (like Flash) are updated.
  • When using social media sites, be careful about the information you share or “like.” If you are prompted to enter personal information, even on a legitimate site like Facebook, do not. Scams like this often trick people into making their profiles public or providing credit card information.
  • Be very cautious about clicking on links in emails. If possible, search for the site instead so you do not have to follow or copy the link.
  • If you use Firefox, install the NoScript extension.
  • Make sure your antivirus definitions are all up to date.
