Buyers beware—of Olympic scams

Shady ticket deals for the 2012 London Olympics? Hardly surprising. But when the source is Google’s famous AdWords advertisement service—one of the net behemothic’southward main sources of income—so a double take might be in order.

A BBC investigation found that a Google search for “olympic tickets” resulted in acme-of-the-page placement of sponsored sites for vendors selling tickets without permission from Olympic authorities, which is a criminal offense in the U.M. under the London Olympic Games and Paralympic Games Human action 2006.

Our research confirmed that the Google search shown below displays an AdWords link

that is not authorized to sell Olympic tickets according to the ticketing website checker on the official London Olympics website.

The prominent display of sponsored ads tends to confer on them a sense of legitimacy. Users may assume that Google has approved the businesses, or at least stands behind them in some way. Merely in response to a complaint from a would-be Olympic ticket purchaser, Google said, “While Google AdWords provides a platform for companies to advertise their services, we are not responsible for, nor are nosotros able to monitor the deportment of each company.”

The inner workings of AdWords are complex and opaque. These qualities are essential, because if Google revealed its algorithms, for example, people could easily cheat their fashion to the top.  While the automatic organisation does accept into account something called “Quality Score” and consumer ratings, it’s conspicuously not foolproof. A filtering organization flags certain keywords for manual review and removal if the ad is found to violate Google’due south policies, and users tin can also fill out an online complaint form. Due to the volume of ads, nonetheless, a questionable advertisement may be up for some fourth dimension before it is reviewed.

Websense® researchers investigated some of  the Olympic ticket scam sites. We found that most of them had multiple backlinks, suggesting they have been widely spammed over the internet in addition to being promoted via Google AdWords. A “backlink” is a hyperlink that links to a specific web page. Both legitimate web pages and spam URLs often effort to prepare up as many backlinks as possible to drive traffic to their sites, and the number of backlinks a site has may touch its ranking in search engine results. Similar the hyperlnks in this mail, links tin be used to provide additional context, information, or examples.

An exam of these backlinks confirmed that “birds of a [bad] plumage flock together.” One URL yielded 500 backlinking URLs in categories such as Adult Textile, Gambling, Proxy Abstention, Potentially Unwanted Software, Suspicious Embedded Links, and Malicious Embedded Links.

A fix of 375 backlinks for another URL found that 104 (27.73%) included various kinds of objectionable content, including security risks (the remaining URLs either had no backlinks or had backlinks for legitimate sites such as News and Media, Business organisation and Economy, and then on).  The breakdown for objectionable/security take a chance backlinks was as follows:

A closer look at simply one of the backlinks tells us a lot about the dangers of allowing comments that are not moderated to be added to any site. In this case, a perfectly legitimate website for a church posted a video of a Sunday School Christmas play and invited viewers to comment:

Viewers and spammers did exactly that, adding links not only to the Olympic ticket scam nosotros started with, but besides to a variety of other completely unrelated businesses which may or may non be legitimate, including German gambling and phone sex sites and an Italian “escort” agency:

Defensio from Websense is 1 fashion to forestall spammers from posting such links on blogs and other social media, including Facebook pages. With this service, it’s easy to block and manage comments, protecting yous and your followers from comment spam, malware, and other threats embedded in user-generated content.

With Google searches as with everything else, exercise your ain “due diligence” earlier making a transaction, even if the business is at the top of the folio. In the case of London Olympics tickets, the official website includes the handy ticketing website checker that we used to determine if a URL is recognized equally an authorized vendor. There’s also a folio virtually staying safe online, which includes a long listing of known scams that will but go longer as the July 27 opening twenty-four hours approaches.

Websense customers are protected from these threats by ACETM, our Advanced Classification Engine.