If you’re reading wired.com, you almost certainly know the right way to sign in to a social site like Facebook, Twitter, or Pinterest. But there’s a chance your friends and relatives are doing it all wrong, and playing into the hands of illicit businesses in the process.
The right way to sign in to one of these sites is to click on a bookmark or to simply type a web address into your browser. But people who are feeling lazy, or who are inexperienced with bookmarks or entering URLs, will often just search for terms like “Twitter login” or “Pinterest sign in” to get where they want to go. Some 151 million people search for the term “Facebook login” on Google each month, according to Google's advertising database.
Scammers then buy keywords or create websites to show up in these login searches, and redirect unwitting social media users to their own pages. So rather than heading to Facebook as you expected, you land on an ugly collection of text and blinking ads. Once captured, users are encouraged to click on advertisements or to install a browser toolbar that will change their default search engine. The owner of the illicit website earns a commission on each ad click and on search toolbar queries.
One scam site even created a “Pinterest desktop app” (click through at your own peril) promoted in a way that implies it comes from the so-named image-collection network, reports BrandVerity, which specializes in spotting such cons. The app installer prompts the user to also install the AOL Toolbar, DefaultTab Search Toolbar, GetSavin toolbar, and Norton Security Scan Toolbar, which will pop up ads on your computer.
And of course the ultimate nightmare scenario is a fake login site run by criminal hackers who trick you into handing over your sign-in credentials so they can make a far more serious cash grab.
Generally speaking, tech-savvy users aren’t going to be fooled by these trickster sign-in sites. For one thing, such users tend to use Google, which does a very good job of screening out log-in page impersonators. BrandVerity’s survey found the scams are concentrated on results pages at AOL, Ask and, to a lesser extent, Bing and Google Mobile. You can also find some misleading ads on Yahoo. These are search engines you’ll tend to use only if you don’t know how to change the defaults on your computer. Even if you’ve seen the fake login page and clicked, the scam sites have to further dupe you into thinking that clicking on an ad link or installing a browser toolbar will somehow get you to a social sign-in page. You’ve basically got to be a sucker for spyware and malware to fall for one of these scams. Sadly, there are plenty of such suckers out there.
For scammers, the financial stakes here seem to be quite low: a few pennies of advertising revenue or toolbar commissions here and there. But as the log-in cons get more sophisticated, there’s a risk to the social sites that are being impersonated.
“By luring in users and pretending to be the actual brand, [scammers] can lead those users to attribute their negative experiences (frustrating toolbars, ad-filled landing pages, etc.) to the real brand,” BrandVerity writes. “Not only does that weaken the brand, it can easily result in some user fatigue and attrition.”