Beware the Online Coupon: Scammers Tempt Budget Conscious Consumers

Editor’s Note: This article was co-written by Brand Variety employee Jennie Scholick and appeared in part on Brand Verity’s blog. 

Everybody’s looking to save a few dollars these days, and, as a result, couponing has come back in vogue. All it takes is a look at a tv show like TLC’s Extreme Couponing to realize that couponing has fully entered into the American mainstream. In response to the increasing desire to save money and awareness of online coupon deals, more and more consumers are turning to coupon sites or simply Google searching for relevant coupon codes before making purchases. But, this increase in traffic for coupon sites has also resulted in an increase in black hat attempts to deceive and defraud consumers looking for coupon codes.

The Basic Scam

Essentially the method for these types of coupon abuse is a simple bait and switch: get the consumer to click on an ad thinking they’ll find a retail code and instead have them enter in personal information that will allow the black hat to steal money from them.

The black hat will run an ad, for example a Macy’s coupon:

$500 Macy's Coupon

When the consumer clicks on the ad, they are taken to a landing page that asks them to enter a name and phone number:

Macy's GIveaway Day

After entering their cell phone number (and the system only allows a cell phone number), the user will receive a text message containing a PIN number. They enter the PIN back into the site expecting to receive Macy’s coupons and begin getting charged $10 per month through their cell phone account.

The Loan Application Variation

The other common variation we’ve seen is that, instead of a cell phone number, the landing page asks for the user’s information via a loan application.

For example, an organic Google search for Hanna Andersson turned up the following listing:

Hanna Andersson Coupon FreeShippingFind today online

Hanna Andersson Coupon Free Shipping Save Money with The Coupon Clippers, the internet’s largest source of coupons and grocery coupons! Hanna

hanna.andersson.coupon.free.shipping.coupon.onlinesearch.us

In this case, the listing isn’t a paid search ad, but instead a natural search result. When the user clicks through, they are taken to a page that asks them to fill out a loan application:

Loan Application

Of course, doing so gives the scammers the user’s phone number and income as well as other identifying information. Also, depending on how the scam works, they could be asked to pay a fee or give their social security number or bank information in order to secure the loan or “coupon.”

Coupon Hijacks

The above examples all show companies using their own URLs in the display ads or search listings. The other way these scammers target users is through paid search hijacking. While most paid search hijackers impersonate the retailer, running search ads that claim to be large companies like Macy’s, coupon hijackers run search ads pretending to be coupon sites such as DealCatcher:

Macy's Coupon

However, when the ad is clicked on, the user, after a series of checks, is redirected to a landing page asking for the user’s email address and phone number. Rather than DealCatcher, they are now at YourCouponHub.com.

Macy's YourCouponHub.com

From here, the scam works much like the cell phone scam described above, but in this case the user expects to receive coupons not from an unknown entity, but rather from a trusted source, DealCatcher. Neither DealCatcher nor Macy’s sees any of that money and the customer cannot find the real company to stop the payments.

You can see more examples of hijacked coupon sites and sample landing pages here.

These advertisers take advantage of poor Display URL enforcement in Yahoo and Bing, something which Google used to have problems with, but has since tightened significantly (we have not seen these ads on Google). We have seen these scams target a number of established coupon sites. Some of the targeted sites include dealcatcher.com, tjoos.com and ultimatecoupons.com. The coupon site is rarely running their own ads on these keywords so they are easily run.

Not only is this kind of scam bad for all three victims, the customer, the retailer, and the coupon sites whose names and business models are being besmirched, but it also makes it extremely hard for any of those victims to track down the perpetrator.

These ads also violate multiple aspects of Microsoft AdCenter’s trademark and editorial policy. Microsoft has been particularly responsive to takedown requests for this abuse and it appears they are regularly deactivating the accounts of the advertisers as they appear.

The recent increase in these kinds of actions suggests that coupon code abuse is a burgeoning field. The current manipulation of coupon code sites by black hats negatively affects consumers, retailers, and affiliate managers and, as black hats constantly evolve their techniques, we can expect that these methods will only become more sophisticated with time. Constant surveillance of affiliate programs helps control historic types of abuse and the same careful attention to the maintenance of programs should combat these new efforts by black hats.

 

Jennie Scholick, an intern at Brand Verity, is a writer, dancer, and a Graduate Student at UCLA.

About David Naffziger

David was most recently VP of Engineering at Judy’s Book. Prior to Judy’s Book, he co-founded Quova, the leading provider of Internet Geolocation technology. At Quova, he was Director of Research, where he led the architecture of the algorithms, tools and processes that produced the geolocation data that is used by companies such as Google, Yahoo, Microsoft and Amazon. David was formerly a strategy consultant at Bain & Company and obtained his engineering bachelor’s from MIT.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>