Results 1 to 3 of 3
May 19th, 2009, 06:53 PM #1
Who got email "Automate Affiliate Commissions" / packet-sniffing PPC fraud
- Join Date
- January 18th, 2005
Maybe this is just an elaborate paranoid delusion, but I'd appreciate some feedback from other affiliates, merchants, OPMs, etc.
(1) Did anyone else receive an email with this title: "Want To Automate Affiliate Commissions? (Here's How.)"
I received an email today that was addressed to a "special email alias" which I used when registering with a single merchant's affiliate program, but which came from a pseudonymous outfit that is trying to sell advice on affiliate marketing: the message subject was "Want To Automate Affiliate Commissions? (Here's How.)"
The only thing I know for certain is that my email server received this email from IP: 188.8.131.52 (secureserver.net).
The message headers claim that that server received the email from IP: 184.108.40.206 (peer2biz.com), which purportedly received the email from IP: 220.127.116.11 (rr.com -- a RoadRunner customer).
The email refers to the following domains:
- masdineroytiempo.com (the "from" address)
- peer2biz.com (listed as the originating mailserver AND the URL for the "unsubscribe" function)
- lifeontracknow.com (the URL promoted by the email)
A quick check turns up that those domains are all registered under the name "Felipe Huicochea," the latter two with the company name "Grobet Photography" (and an invalid phone number), but the first as "HO Technology and Trading, Inc," with a telephone number that is answered by "Felipe," who had a very interesting story to support his claim that this was an "opt-in registration" (see section 2, below).
Not surprisingly, of course, the entire campaign is an "affiliate" promotion to promote a scammy-sounding outfit that operates the domains marketingsecrets.com, opportunity.com, and infoback.com, all of which are apparently owned by someone using the name John Reese.
Felipe claims to be an "affiliate" of Mr. Reese's (he's sending this spam to promote the sale of Mr. Reese's scammy-sounding products and services, for which Mr. Reese would then pay Felipe a commission).
My concern is that "Felipe" somehow obtained a specially-coded email address which could only originated in one place: a single merchant's affiliate-program data. This is an in-house program (although the merchant also has a network affiliate program), and the merchant's affiliate manager has assured me that they have never authorized the release of this information to any third parties.
So, my first question is:
Was the affiliate-contact list stolen? or,
Was the merchant's affiliate-contact list sold or shared by the merchant?
(2) Is this a sophisticated example of packet-sniffing* and fraudulent-lead generation?
To my surprise, Felipe Huicochea returned my telephone call and researched the origin of this email address in his database. He said that someone, on January 10, 2009, logged in to his online "opt-in email" form (a sub-page on peer2biz.com), and manually entered this particular email address. He said that the person did this from IP: 18.104.22.168 (a DSL customer in the United Kingdom, perhaps in London). He also said that the only source of these leads was pay-per-click promotion via Google AdWords.
Assuming that Mr. Huicochea is an honest and ethical person -- and he certainly sounded honest and open, perhaps more so because his story is so completely implausible -- then I am trying to think of "some other method" by which this specially-coded email address might have been captured and then used for an opt-in registration related to "affiliate marketing." The problem I'm having is, what motivation would lead someone to engage in such a complex ruse to lodge my email address into someone's opt-in list?
The answer, I expect, is pay-per-click fraud:
- Somebody is operating an AdSense (or Google Search Partner) account and generating fraudulent clicks to earn money.
- Since they know that clicks without any follow-through will eventually be detected as fraudulent, they've gone an extra step by generating fraudulent opt-in registrations.
- Since they know that fraudulent registrations with invalid email addresses would also be detected fairly quickly, they found a way to get valid email addresses.
- Since they know that the fraud would more quickly be detected if there is no relationship between the email addresses and the subject of the opt-in list, they sought to match email addresses to the topic.
* But how in the world could somebody do this? How could somebody capture email addresses and categorize them by interest? My answer: Packet-sniffing or hijacking mail servers. Imagine if you could packet-sniff the traffic coming from a mail server, and capture the header (sender, subject, and recipient email). Or you could hijack the entire mail server and save or store the email traffic for later use.
This particular merchant sends out a monthly newsletter, with a subject like "merchantname affiliate newsletter." It wouldn't require very much skill to categorize the recipients of the newsletter as being "related to" or "connected with" affiliate marketing, and then store that in a database to later be used to fill in opt-in forms or registrations.
June 11th, 2009, 04:31 PM #2
- Join Date
- June 11th, 2009
Here is the explanation to your concerns.
There's no packet sniffing, sophisticated nor elaborate scheme here. One of my staff members got my old laptop and was easy for him to scan all the email addresses and bogusly add them to our Opt-in database.
How did your email address end up in my laptop? Well, a while back I was promoting the Bookdepot program and we both got an email on October 17, 2006 5:46:31 PM CDT with the subject "Affiliate Checks". In that email there are 17 visible email addresses... including mine.
After our phone conversation all email campaigns where suspended until the opt-in information is cleared and verified.
I'm really sorry for the inconvenience.
PS. I can forward the above mentioned email if you don't happen to save all your emails.
June 11th, 2009, 05:20 PM #3
- Join Date
- January 18th, 2005
Thank you for researching and following up on this, Felipe. I did search my email archive and you're absolutely right: there is an October 17, 2006 email from the Book Depot accounting person, which does include a bunch of email addresses in the "to" field, including mine and yours. They were dealing with a problem caused by a bank-ownership change, which resulted in their affiliate checks bouncing; they promptly issued new checks. This is the sort of "unusual situation" that can easily lead to mistakes like someone (who is not normally involved in contacting consumers) listing affiliate email addresses in the "cc" field instead of the "bcc" field.
More important, thank you for acknowleding that your employee abused your "opt-in" email list by adding people who never opted in.
And thank you for taking action to address this problem.
This is, of course, just one of many hundreds of emails I have received from merchants over the past 12 years, in which dozens or hundreds of email addresses are visible in the "to" or "cc" fields. And of course, many of those earlier incidents were followed by an increase in spam sent to the email addresses included in the lists.
Now I just hope that my paranoid theory isn't adopted by anyone to hijack email addresses....
Last edited by markwelch; June 11th, 2009 at 05:36 PM.
By QuitNow in forum Paid Announcements and AdvertisingReplies: 4Last Post: November 3rd, 2013, 03:31 PM
By JCSupSvc in forum Midnight Cafe'Replies: 3Last Post: February 4th, 2010, 02:12 PM
By seven-link in forum Commission Junction - CJReplies: 4Last Post: August 31st, 2005, 09:26 PM
By Chocolate_Chicken in forum GoldenCANReplies: 2Last Post: July 29th, 2005, 12:51 PM
By heisje in forum Programming / Datafeeds / ToolsReplies: 4Last Post: June 29th, 2005, 07:52 AM