Over the last year we’ve kept a close eye on different internet marketing scams that are out there as well as scams in general. Internet marketing scams are getting more and more realistic, more creative, and the stakes are getting higher. Today we are going to look at the worst of the worst when it comes to criminal marketing tactics, some of which we fell victim to.

Website Theft

This one hits close to home with us, because some shady website started doing this to us in late 2018. We’ve had dozens of people steal our articles, but stealing our entire website was something new for us. It wasn’t until a good friend of ours messaged us and said “hey, I just searched for an Elite Strategies article and some other domain popped up in the SERPs that we started taking it more seriously. Their content was outranking ours! So we called our lawyer and got our DMCA team on the case. Within about 1 month, Google squashed the majority of the results, and the other domains started disappearing.

If you’d like to see the results of our DMCA takedown you can find it here. We are still trying to get a few stragglers removed, but we got the bulk of them taken down.

Here is a copy of one of the stolen sites (out of 4), I’m not linking to them for obvious reasons.

The worst part about this “scam” is there really is no way around it. There are a lot of things you can do to avoid getting your website “stolen” such as preventing image hotlinking etc, but if someone wants your website, they are going to scrape it.

Google My Business Phone Number Hijacking

You wouldn’t believe how many times we get a new client and find the phone number is “wrong.” In some cases, it is an accident but in many cases it is straight up shady. It is actually a hobby of mine to collect audio records of their messages. Here is one from 2015.

In June of 2019 the Wall Street Journal wrote an article titled “Millions of Business Listings on Google Maps Are Fake—and Google Profits.”

In some cases it is an actual business model. Here in South Florida there are phone rooms packed with telemarketers and robo-callers to “claim your business.” Many times on the back end of these companies you’ll have black hat technicians use social engineering and other tactics to inject phone numbers into competitors’ GMB listings.

SEO & Backlink Extortion

To get straight to the point, this is what these people are doing: send an email threatening to send 100’s of backlinks to your website unless you do something in exchange.

I’ve been hearing of link extortion for a long time, but was finally able to get a solid example of this happening thanks to my friend Maddy Osman on Twitter. Maddy runs a super slick content operation and knows her stuff, and I was super excited when she started sending me all of these examples:

In this case she told them to f-off, and called their bluff. After all who really cares if someone sends pr0n links to your site?

MySQL Backlink Hijacking

In 2015, we did a case study on a massive hacked backlink network we found. Unfortunately not a lot has changed. We’ve been seeing this for years, but its been getting really bad over the last year. Hackers are using exploits in database servers to inject links in outdated websites. Sucuri did an excellent write up on this tactic on their blog.

These days hackers are mostly either politically or financially motivated…usually financially. Hackers really don’t put up the “you’ve been hacked” pages like we saw in the 90s and early 2000s.

I would estimate that out of the 1000’s of sites that I analyze, 5% of them are hacked and in 100% of the cases it was due to either outdated plugins or outdated hosting (servers.) In almost all cases, the business owner has no idea they’ve been hacked. In some cases they don’t even care! I can think of 2 websites from audits that I’ve done that are still hacked, and the business owner does not even care! One of them is a huge restaurant in NYC.

If you have been hacked, one quick way for WordPress users to test to see if any of your posts have been edited is to use the WordPress post search feature to search for spammy keywords.

Really the best way to come back from this is to restore your site from a backup.

News Jacking News Theft

Newsjacking is one thing, but straight up directly stealing an article word for word is another. Reposting content might seem like a cheap way to read your favorite news article, but it is putting good companies out of business, and giving money to shady marketers.

I won’t link direct to any of these articles, but I’ll show you how to find them:

Start by finding any content locked site, say Wall Street Journal. Find an article about 3 days old. Copy the first sentence (the article preview) and paste into Google in “quotes.” Voila! You will probably find at least 5-10 sites whose business model is to steal news articles, most likely jam packed with ads.

Here is an example using an article we referenced earlier.

Shady JavaScript & Facebook Like-jacking

This is about as clever as you can get, but super shady and deceptive. Possibly illegal. This can be done with any popup, or even link target. Click on some sort of call to action, and it will (in the background) ‘like’ a page on Facebook as long as you are logged into the account. You could even do this with a GDPR consent which is ultra shady.

Domain Jacking and Extortion

Nothing new here, but still rampant in 2019. This is a dirty, dirty industry and these people have it down to an exact science. The squatters have thousands of dollars worth of servers, services, and employees waiting for the exact millisecond that a domain drops, just in time to scoop it up before any human even has the chance to think about it.

Domain registrars hold a lot of the blame here as well.

Then there is straight up domain hacking. Hackers will brute force passwords or socially engineer a Godaddy customer support rep into giving a password out. This happened in September of this year when a small auto parts eCommerce shop had their domain stolen and demanded 10 BTC (100k USD at the time). The business owner ended up getting the domain back by using legal ju-jitsu, but let us all learn a lesson from this: use strong passwords and 2 factor authentication.

Fake Image Copyright Takedown

Almost every month we receive a threatening letter fwd’d from a client from some random lawyer-looking person threatening legal action if an image isn’t taken down and damages paid. Most of the time those damages are in the range of $50-$500 but at times are $500-$5000 and up! There are times when a client (or us) may have by accident used an image without a license, but most of the time these letters are from people just looking for money.

The first thing to do is to go on the offensive. Yes, you should provide proof that you have a license but they should also provide proof that they are the creators of the image!

But recently there is an even more clever scam. People will send you threatening letters and instead of demanding money, they are demanding backlinks.

Pretty genius if you ask me, but straight shady and not a good way to make a living.

Incentivized Amazon Reviews

This year things started to get interesting in the world of fake review, consumers are really smartening up with reviews. Fake reviews are nothing new, people will always make fake reviews despite warnings from the FTC and being outed by watchdog groups. These days incentivized reviews are the hot thing. It goes something like this:

  1. you see an ad or get a random Facebook / IG message from someone
  2. They ask you: hey do you want a free “USB hub, phone case, snuggie” and you reply “sure why not”
  3. They tell you to buy it on Amazon, leave a review, and they will reimburse you for the full amount.

I’ve heard about this happening a lot and I even got baited a few weeks ago:

I didn’t go for it, not something I want to get wrapped up in. These type of review shenanigans are pretty much everywhere these days, and product marketers hate them. Shoddy products make their way to the top of Amazon search results, which really isn’t fair.

The FTC warned the general public a few years back about fake reviews. Now they are taking action and are cracking down on fake reviews, The FTC even went after a major beauty chain for fake reviews. They are not messing around.

Fake Influencer  and Life Coaching

2019 was the year of the influencer. Everyone is an influencer. I have nothing against influencers, I love their entrepreneurial spirit and enthusiasm but fake influencer accounts are on the rise, and fast. These accounts are constantly getting outed for a number of reasons:

  • buying fake followers
  • using black hat methods to gain views
  • Photoshoping themselves into photos
  • shilling shoddy products

While you technically aren’t allowed to create a personal account using someone else’s name, you can create “fan accounts” as long as you use “fan account” in the description.

I think there are a lot of great life coaches out there, and a lot of people that can benefit from them. But there are hoardes of scams out there from “online life coaches” that make bold claims to make you more money, lose weight, get fit, be happy, etc. In 99% of the cases it is just people that send you emails & messages of inspirational quotes and give you refurbished advice.

“News flash, we are not cats,” says one mindset coach that slings their services online:

There are dozens if not 100’s of ways that phony influencrers will try to get to your wallet, this is just one way. Other ways include peddling supplements, meal plans, workout “plans” and so much more. Be on the lookout for “new year, new you” type of scams coming up in the next month.

Rehab Shenanigans

2018-19 where things really came to a head with rehabs. Dozens of people in South Florida were arrested for “body brokering” as well as shady billing practices and insurance fraud. From an internet marketing standpoint, Google took a hard line as well and cracked down hard on Google Ads for rehabs. The total ban has now been lifted but they’ve gotten a lot more strict with the vetting process, as all treatment centers are now required to be vetted by Legit Scripts.

But rehab marketers continue to use the internet to prey on the weak. SEO is on the rise now that PPC is somewhat reigned in. Checkout this very interesting case study written about backlink outreach from someone claiming to be a US government agency! I don’t like to use this word, but how stupid can you be?

Tech Support Scams

These websites are particularly horrible for one reason: they prey on the elderly! These websites place ads and use SEO to rank for all sorts of “help related” keywords and topics, then send people to high pressure call rooms where they are sold, upsold, extorted and blackmailed. 

When you Google their phone number, it is just a total wreck. All sorts of red flags for all different types of stuff. Scam city.

That’s it for now!  There were a number of people that contributed to this post but wanted to thank my good pal Taylor from Twitter who helped with some of the content mining and also connected me with  Maddy Osman who was a huge help with the linkbuilding scam information. If you have any kind of internet marketing scams or related shadiness, feel free to hit me up on Twitter @pmkoom