Internet and online security professionals deal with hacking and cracking activity on a daily basis. With new technologies emerging every day, new security challenges arise and new vulnerabilities appear that allow black hat hackers to create and execute new scripts that can cause serious problems for entire networks. Our mission is to let you know about the latest scams and to warn you about new exploits that can have a severe impact on your online business.
28th January 2010

How to Prevent Special Type of “Hacking”: Hijacking Affiliate Commission

The topic I want to cover today is not really hacking/cracking in its purest form. Rather, it’s a form of online referrer hijacking, specifically affiliate commission hijacking, and it mostly affects affiliate marketers.

There are a few big distinctions between hacking and affiliate commission hijacking.

Hacking involves compromising user computers, servers, websites or mobile devices. And in most cases hacking/cracking is illegal.

Affiliate hijacking, on the other hand, is not illegal (as far as I know). Yes, it’s immoral. Unfortunately, we live in a world with rather low moral standards. Affiliate hijacking involves intercepting and stripping off the affiliate marketer’s affiliate ID, inserting the attacker’s own affiliate ID, and placing his/her own cookie on the computer, in the hope of getting credited for the sale.

In reality, the TOS of the majority of affiliate programs forbid buying through your own link. Affiliate programs are well aware of this practice, so if they see that the purchase is made from the same IP or using the same name/email address, or some other parameters raise a red flag, the affiliate commission is annulled.

When the affiliate ID is stripped, the affiliate marketer is not credited for the sale.

But it doesn’t bring any benefit to the person who hijacks the affiliate ID, because s/he still pays the full price for the product.

The only party who really wins in this scenario is the product vendor, since he gets to keep 100% of the sale and doesn’t give anything to the affiliate.

So this kind of behavior is just childish and plain stupid. Not to mention useless.

Yet, to affiliate marketers, it costs tens of millions of dollars in lost commissions each and every year.

If you’re an affiliate marketer, today I’ll show you the tool that will stop the theft of your affiliate commissions:

Phantom Affiliate Protection

To be exact, it will stop around 90% of all the theft. If the person who steals your affiliate commission is familiar with redirects and frames, this little tool won’t stop him. But hey, not everybody is a programmer. In fact, the majority of people who currently strip your affiliate ID have no idea how to write even a simple script.

Let’s say you’re promoting a product X.

If you’re using your affiliate link like this:

http://productX.com?affid=XYZ,

it doesn’t take a genius to figure out that your affiliate id is XYZ.

On the other hand, if you use something like this:

http://onlineworldsecurity.com/recommends/productX ,

it’s not that easy to find your affiliate id and steal your commission.

This tool not only protects your affiliate links, it also tracks your promotion campaigns, which is very important if you want to make any money online. Without tracking, any marketing is doomed. You can even add a scarcity message or signup form to your affiliate link. This way you’re promoting somebody else’s products and building your own list at the same time.

Grab your copy here: Affiliate Link Cloaker

posted in Main, Online Business Security, Recommended Security Resources | 0 Comments

29th November 2009

RoboForm: Are You Sure Your Passwords are Not Stolen?

Let me ask you a simple question. How many sites are you a member of, and how many different usernames and passwords do you have?

The average internet user has hundreds if not thousands of different logins. Since trying to remember all those passwords is impossible, such users just write them down in an ordinary Notepad or Word file, and save them on their computer as-is, without any protection whatsoever.

Maybe you’re one of these users. If so, you need to secure this information ASAP. Otherwise, if your computer is hacked, all your passwords will be readily available to a perpetrator.

Believe me, computer hacking occurs much more often than you think. You probably think it happens to somebody else, but it will never happen to you, right?

Well, let’s see… You’re reading this post, so you’re obviously connected to the Internet. Can you honestly tell me that you know the exact permissions and protocols required by each program installed on your computer? Are you sure that you know the number of processes required by each program, the corresponding PIDs and port numbers used by this program both for incoming and outgoing connections, as well as the IP range?

Do you also know how to identify stealth connections? And, to begin with, how to verify the authenticity of the application/program that you want to install?

If you don’t know the answers to all these questions, then you can’t be sure whether your computer is safe or whether it’s already been hacked and is operated by another man.

I don’t want to scare you. I’m just telling you the facts.

So, if you now keep all your passwords on your computer, I highly recommend that you go right now and purchase RoboForm.

Without going too much into technical details, this password-protection tool stores and encrypts your usernames and passwords for numerous sites, and when you need to log in, you just enter one master password. It also fills in long registration and checkout forms for you with one click.

And since RoboForm is running a Black Friday Special, right now you can get a discount off the first license.

Quite frankly, not long ago I was against the tools that store your passwords. Yet, now I recommend RoboForm. Why the change of heart?

The answer is simple: there are many password-management tools out there, but they either lack strong encryption, or they store the data locally on the computer.

If you think about it, if you have such a tool on your computer, and your computer is hacked, then the hacker can transfer the encrypted database and then crack the encryption by simultaneously running the decryption algorithms on thousands of slave computers and servers he hacked earlier.

Is it possible to crack strong encryption on one machine? Probably it’s not feasible, since it could take years. But if he controls thousands of PCs and servers, then this task becomes doable.

So, to make remote cracking impossible, RoboForm now offers the option to run it from a USB flash drive, and this means that passwords are not stored on a computer, and hence can’t be accessed remotely.

Combine this with the fact that RoboForm uses strong encryption, and can sync your passwords to Pocket PC and Palm, and you’ll see why I think it became a viable option for password management.

posted in Computer Security, Online Business Security, Recommended Security Resources | 0 Comments

11th November 2009

Twitter Hacking Goes to the Next Level…

During this year we’ve seen many phishing scams that were pretty simple. In essence, Twitter users were asked to go to a certain URL (usually to watch some funny video or download a digital “gift”), and on that page they saw something similar to the Twitter login screen. So they assumed they had to log in to “Twitter” in order to watch this video.

Of course, this “Twitter login page” was nothing more than a page mirroring the actual Twitter login page, and its whole purpose was to gather the usernames/passwords provided by unsuspecting Twitter users…

Then the perpetrators used those accounts to tweet the same URL (and other malicious links containing trojans and viruses) to other Twitter users.

Watch this video to better understand the mechanics of this Twitter phishing scheme:

Now hackers have changed their tactics. Sure, the “Twitter mirror” is very “productive”, so it’s not going anywhere; hackers will continue to use it. But instead of sending tweets from the compromised accounts, they now send direct messages.

If you think about it, it’s much more effective for hackers, and much more dangerous for average Twitter users.

If a Twitter user sees a few messages posted on her/his account, s/he will quickly realize that the account is compromised, and will change the password. Then the game is over.

With direct messages, on the other hand, it’s quite another story. How many people actually check their outgoing DMs within their Twitter account? Exactly. Only a few. People look at the incoming DMs, because those are the messages from their friends. But they probably haven’t looked at their outgoing DMs even once since they set up an automatic welcome message.

So the chances of average Twitter users noticing abnormal DM activity in their accounts are minimal…

If you’re reading this post, and you’re an avid Twitter user, please go and check your DMs right now. And if you see suspicious activity, change your Twitter user/password ASAP.

posted in Identity Theft, Main, Online Business Security, Online Privacy | 0 Comments

30th June 2009

How to Protect Your Computer and Smart Phone from Physical Data Theft and Your Business from Total Crash

First of all, let’s be clear here. Right now I’m NOT talking about the ways to protect your computer from virtual theft. Virtual theft, which could happen through hacking into one’s computer or website over the Internet, is a far more advanced topic than the one that will be discussed today.

I have an entire course dedicated to computer protection. If you’re interested in learning what you should do to protect your data from hackers, you might want to take a look at this course: Online Business Protection.

But today let’s talk about something that can be easily prevented, yet as of today the negligence in this area of data security causes huge headaches to many businessmen.

First let’s look at some facts.

  • Fact Number 1: 2,000 laptops and 5,000 smartphones are stolen every day.
  • Fact Number 2: 97% of stolen laptops are never recovered.
  • Fact Number 3: Computers and smart phones are the #1 source of identity and business theft.

It’s also helpful to remember that 60% of businesses that were unfortunate enough to go through data loss completely go out of business within 6 months. Your business could be next if you don’t take proper precautions.

Now that I have your undivided attention, let’s see how we can avoid this unfortunate scenario. It’s time to talk about physical data protection.

The majority of people have hundreds if not thousands of usernames and passwords stored on their computers and smartphones in unencrypted format. If a laptop or phone is stolen, perpetrators get easy access to email contacts, financial information, bank accounts, proprietary business plans, etc.

This obviously can lead to both identity theft and serious financial losses. Unfortunately, the majority of people don’t do anything to prevent the chain of events that would put them in such a precarious position.

What makes matters even worse, when a laptop or a smart phone is lost or stolen, the likelihood of its data being restored is slim to none, unless there is a data backup stored somewhere in a secure environment. If there is a backup available, then the data of course can be restored, yet the probability of finding the stolen item still remains minuscule. Let alone the chance to punish the thief.

Today I’ll share with you a great resource. It will help you not only to create automatic backups (just set up the system once, and it will automatically backup your data in two different datacenters). It also will allow you to recover your stolen item. You can also lock down your device before it’s retrieved. This way it will be much more difficult to steal your data. Or you can wipe out the data remotely from the device if you choose to do so.

It’s very inexpensive, plus they offer 1 Gb of backup for free. So go get your Smartphone and Laptop Protection now.

posted in Computer Security, Identity Theft, Main, Recommended Security Resources | 0 Comments

20th April 2009

Black Hat SEO + Hackers = The End of Google Relevance?

Until recently, Google was used by hackers mainly as an excellent source of easy potential hacking targets. With over 8 billion pages indexed and only a small percentage of users knowledgeable about internet security, it was easy to find websites that could be hacked virtually on the fly. Google’s rather advanced system of search operators facilitated this task even further.

Another way to quickly identify topics of interest and of increased popularity is of course by keeping an eye on Google Trends (yet another invaluable tool for both hackers and SEO specialists).

While hackers were playing their games, Black Hat SEO guys were playing theirs, dominating many lucrative SERPs and cashing in on free targeted traffic.

But to the best of my knowledge, they were not combining their forces, at least on a large scale.

Well, now they do.

SEO specialists from Poland identified one of the factors that are currently heavily used by Google to define the relevancy of search results. I’m talking about velocity. In layman’s terms, velocity is nothing more than the “freshness” of a particular post and its links. The more recent the post is, the bigger its weight. Sure, there are many other factors that are taken into consideration as well, such as the number of incoming links, domain age, etc. I’m talking about velocity here because that’s what allowed SEO pros to exploit the Google algorithm and, along with artificially generated incoming links, get millions of pages ranked for the keywords of their choice.

This is impressive on its own, though disturbing. What’s even more disturbing, they combined their efforts with hackers, and all those pages were filled with a specific type of malware.

Panda Security Labs identified a list of keywords that were compromised. To be more precise, the top SERPs for those keywords displayed absolutely irrelevant results linked to some domains in Warsaw:

http://www.webpronews.com/topnews/2009/04/14/seo-blackhatters-target-ford-via-google

On second thought, it doesn’t mean that hackers and SEO pros are from Poland. It only means that they control the server in Poland, and the domain from Poland.

posted in Internet Security Paradigms and Models, Main, Online Business Security, Website Security | 0 Comments