Saturday, 15 July 2017

One Weird Trick To Steal Your Money

The online healthcare scam – whereby sufferers of a particular illness are convinced to click through to bogus content via the promise of a cure for their condition – is unfortunately nothing new. Not only can these scams end up resulting in a financial cost to the victims, but they also divert patients away from providers of legitimate treatments – which, of course, also translates into lost revenue for these suppliers of genuine products and services.  

A related issue, the online sale of counterfeit pharmaceuticals, is also an enormous business for criminals; prescription drugs represent the largest market for counterfeit goods of any class of products, worth $200 billion annually[1]. Estimates suggest that between 10 and 30% of pharmaceuticals in circulation globally are counterfeit, resulting in up to one million deaths annually[2,3,4]. These figures highlight the importance to pharmaceutical brand owners of carrying out programmes of online monitoring for, and enforcement against, pharmacy websites using their brand names to sell products which, in reality, may have been produced using low-quality or inactive ingredients (issues which may affect at least 30% of counterfeit pharmaceuticals[5]).

One example of a medical condition which is commonly used as a 'hook' to attract the attention of Internet users is diabetes. Given the number of people affected by the condition, it is perhaps unsurprising that so many scams make use of content related to the illness; Public Health England recently released a forecast stating that the number of people with the disease could top 5 million if obesity rates continue to increase, with 1 in 10 adults in the UK being at risk of developing diabetes by 2035. This would mean that £1 of every £6 spent by the NHS would be allocated to providing care for diabetes patients[6]. 

In response to these numbers, there has emerged a very high volume of websites, social-media postings and spam e-mails which purport to provide information on supposed treatments for the disease. (A simple search using NetNames' Domain Monitor product, for example, shows that there are over 400 registered gTLD domains with names containing 'cure' and 'diabetes'.) Many of these offer pharmaceuticals or other products, or e-books giving guidance on lifestyle changes, which are stated as having the capability to 'cure' the condition. Of course, a significant proportion of these claims are bogus, and simply comprise attempts to extract payments from vulnerable sufferers. Other similar types of scam might claim to provide links to articles giving information on cures or research (such as the familiar "here’s the secret that Big Pharma doesn’t want you to know" postings), but are simply acting as 'click-bait', encouraging users to navigate to websites featuring malicious or otherwise unsavoury content.

A 2015 blog posting[7] presents a case study of a typical scam. The start point in this case is a spam e-mail encouraging readers to "discover the diabetes miracle for yourself", by clicking on a link to "watch a short video [to] change your life". The mail links to a website showing a 40-minute video presented by a purported medical doctor, offering the sale (for $37) of a 'training course' which can supposedly 'cure' diabetes by "following simple instructions for four to six minutes a day". The individual(s) behind the scam have also made good use of other promotional techniques, including the online posting of fake reviews in support of the treatment, and the application of search-engine optimisation to ensure high search-engine rankings for the website. A second review of the same case, published by the San Diego Consumers Action Network[8], notes a number of additional factors about the scam, including the facts that: (i) the 'doctor' featured in the video is actually a fake individual; (ii) the pseudo-science presented in the video is (of course) bogus; and (iii) the payment for the product on offer is made through a payment gateway which is unregulated and "has generated a number of complaints about difficulties in securing refunds and getting responses".  This type of scam is nothing new; a blog posting from 10 years ago[9] reports a similar scam, offering a fake product called Glucobate, at a time when the Federal Trade Commission (FTC) and Food and Drug Administration (FDA) in the USA launched a campaign to crack down on such schemes, sending 180 warning letters to entities involved in the distribution of deceptive advertisements[10].

An article by economist Alex Kaufman[11] presents a study of the psychology behind the types of videos produced by the purveyors of the "one weird trick to cure diabetes" type of campaign. Kaufman notes that common themes include: (i) the claim that the idea being presented is 'secret', using the knowledge that people will "give greater credence to information if [they've] been told it was once 'classified'"; (ii) the use of extended-length videos, under the assumption that "the more arguments you list in favor of something, regardless of the quality of those arguments, the more that people tend to believe it" and also as a way of qualifying sales prospects, by determining that "once you've established this is a person who'll sit through anything, you can contact them by e-mail later and sell them other products"; and (iii) the use of advertisements with quirky language ("one weird trick") and poor-quality graphics, so as to generate a 'hook' which is intriguing, distinctive and accessible, and provide "the illusion that it's one man against the system". Many of these ideas are also used – or built on – on the many websites which can be found via simple Internet searches for phrases such as "diabetes cure"; some of these will employ a kind of double-bluff, by rubbishing other similar sites, whilst simultaneously providing testimonials for their own products and services.

Given the familiarity of this type of scam, it may be surprising that people will still pay money for fake treatments. However, there still seems to be a willingness by sufferers to believe bogus claims, borne out of a hope that claims of cures for their disease might be based in reality. A posting in a forum on the Diabetes.co.uk website, for example, talks about a Facebook post advertising a diabetes 'cure', stating that the reader had "clicked on the link and it doesn't give much away about what it is or how it works but I was reading through the comments and apparently only a select few seemed to have had prior knowledge about it".  As with many things on the Internet – and in life – it is often advisable to apply the old mantra that "if it seems too good to be true, it probably is".  

References 

[1] http://www.havocscope.com/products/ 
[2] http://sophiccapital.com/wp-content/uploads/2014/10/Download-Full-Counterfeiting-Report-Here.pdf 
[3] http://www.eltiempo.com/archivo/documento/CMS-13140064 
[4] http://europe.newsweek.com/fake-drug-industry-exploding-and-we-cant-do-anything-about-it-333176 
[5] http://www.medicaldaily.com/global-problem-counterfeit-drugs-affects-even-legitimate-sources-such-hospitals-and-329914 
[6] http://www.bbc.co.uk/news/health-37720610 
[7] https://blog.cloudmark.com/2015/04/15/medical-scams-dr-pearsons-diabetes-cure-and-quantum-vision-system/ 
[8] http://www.sandiegocan.org/2015/03/15/scam-alert-stay-free-of-diabetes-free-miracle-shake-scam/ 
[9] http://www.mendosa.com/blog/?p=114 
[10] https://www.ftc.gov/news-events/press-releases/2006/10/ftc-and-fda-act-against-internet-vendors-fraudulent-diabetes 
[11] http://www.slate.com/articles/business/moneybox/2013/07/how_one_weird_trick_conquered_the_internet_what_happens_when_you_click_on.html

This article was first published on 14 November 2016 at:
https://www.netnames.com/insights/blog/2016/11/one-weird-trick-to-steal-your-money/ 

An updated version was published on 2 December 2016 at: 
https://www.koganpage.com/article/the-cost-of-online-scams

No comments:

Post a Comment

Phishing trends 2024 - and a look at some new data for domain threat quantification

Overview This year's annual phishing report by Internet technology consultants Interisle [1] has provided a number of key insights into...