Scammers’ link architectures

As much as it hurts us to admit, online scamming shares many of the characteristics of a legal business. Why? Because, in the end, they have the same goal – revenue.

To achieve that goal, businesses are forced to evolve and develop: their strategies, their plans, their modus operandi. Over time, online scammers have developed a series of “link architectures” that are aimed at increasing their pages’ Google ranking and, consequently, bringing more traffic their way.

Rescuetheweb.org has sketched and helpfully explained some of them (starting from the simplest and least effective):

1. The point source scam site
One standalone site – low Google Page Ranking – the author doesn’t hack other websites to create links to the site. This model is doomed to failure because of the low number of visitors.

2. The 2-tier scam architecture
One scam site – multiple links from various compromised websites pointing towards it – Google Page Rank rises. Sometimes, the compromised websites point to the scam site only when accessed via search engine referral, making the rightful owners less likely to notice the compromise.

3. The 3-tier scam architecture
One scam site – compromised websites link to other compromised websites, which then redirect the users to the scam site. Not only is this system of linking and redirecting likely to succeed in reeling in victims, but it will also raise the page’s Google Page Rank, leading to – yes, you’ve guessed it – more traffic.

4. Another 3-tier scam architecture
The previous architecture has one main problem: it requires the victim to click on that first link, and the click-through rate is rather low. The answer to this problem? Fake search engines where ALL the search results are tainted. Let’s look at a diagram of the architecture in question:

Conventional keywords are used to make the compromised sites appear among the legitimate top search results. When the victims click on the link, they are redirected by the hacked site to a fake search engine page that offers only links pointing to scam sites.

The switch from the real to the fake search engine page is almost instantaneous – most users fail to see it for what it is and think it was just a glitch. As in previous cases, these fake search engine pages are hidden from search engine crawlers and inquisitive people because the link only works if the user comes through the link embedded into the compromised site.

5. Scam Constellations

You might think of this architecture as a variation of the previous one – on steroids.
There is now a whole constellation of fake search engines – each of them points to a myriad of scam sites. Their domain names are almost identical: ggooglea.com, ggoogleb.com, ggooglec.com, etc., making for a more robust model that is less likely to be disrupted by shutdowns.




Share this