Internet and online security professionals deal with hacking and cracking activity on a daily basis. With new technologies emerging every day, new security challenges arise and new vulnerabilities appear that allow black hat hackers to create and execute new scripts that can cause serious problems for entire networks. Our mission is to let you know about the latest scams and to warn you about new exploits that can have a severe impact on your online business.
28th January 2010

How to Prevent Special Type of “Hacking”: Hijacking Affiliate Commission

The topic I want to cover today is not really hacking/cracking in its purest form. Rather, it’s a form of online referrer hijacking, specifically affiliate commission hijacking, and it mostly affects affiliate marketers.

There are a few big distinctions between hacking and affiliate commission hijacking.

Hacking involves compromising user computers, servers, websites or mobile devices. And in most cases hacking/cracking is illegal.

Affiliate hijacking, on the other hand, is not illegal (as far as I know). Yes, it’s immoral. Unfortunately, we live in a world with rather low moral standards. Affiliate hijacking involves intercepting and stripping off the affiliate marketer’s affiliate id, inserting the attacker’s own affiliate id, and placing his/her own cookie on the computer, in the hope of getting credited for the sale.

In reality, the TOS of the majority of affiliate programs forbid buying through your own link. Affiliate programs are well aware of this practice, so if they see that the purchase is made from the same IP or using the same name/email address, or some other parameters raise a red flag, the affiliate commission is annulled.

When the affiliate id is stripped, the affiliate marketer is not credited for the sale.

But it doesn’t bring any benefit to the person who hijacks the affiliate id, because s/he still pays the full price for the product.

The only party who really wins in this scenario is the product vendor, since he gets to keep 100% of the sale and doesn’t give anything to the affiliate.

So this kind of behavior is just childish and plain stupid. Not to mention useless.

Yet, to affiliate marketers, it costs tens of millions of dollars in lost commissions each and every year.

If you’re an affiliate marketer, today I’ll show you the tool that will stop the theft of your affiliate commissions:

Phantom Affiliate Protection

To be exact, it will stop around 90% of all the theft. If the person who steals your affiliate commission is familiar with redirects and frames, this little tool won’t stop him. But hey, not everybody is a programmer. In fact, the majority of people who currently strip your affiliate id have no idea how to write even a simple script.

Let’s say you’re promoting a product X.

If you’re using your affiliate link like this:

http://productX.com?affid=XYZ,

it doesn’t take a genius to figure out that your affiliate id is XYZ.

On the other hand, if you use something like this:

http://onlineworldsecurity.com/recommends/productX ,

it’s not that easy to find your affiliate id and steal your commission.

This tool not only protects your affiliate links, it also tracks your promotion campaigns, which is very important if you want to make any money online. Without tracking, any marketing is doomed. You can even add a scarcity message or signup form to your affiliate link. This way you’re promoting somebody else’s products and building your own list at the same time.
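To make the mechanics concrete, here is a small cloaking redirector with per-campaign click counting. It is an added example, not the code of the tool recommended here; the slug table, the `c` campaign parameter and the helper names are assumptions, and the productX/XYZ values are the ones used above.

```python
# Added example: a link-cloaking redirector as a WSGI app (illustrative only).
import re
from collections import Counter
from urllib.parse import urlencode, parse_qs

# Hypothetical slug table: public slug -> (vendor URL, affiliate parameters).
LINKS = {"productX": ("http://productX.com/", {"affid": "XYZ"})}
CLICKS = Counter()  # (slug, campaign) -> number of clicks
SLUG_RE = re.compile(r"^/recommends/([A-Za-z0-9_-]{1,64})$")

def app(environ, start_response):
    m = SLUG_RE.match(environ.get("PATH_INFO", ""))
    if not m or m.group(1) not in LINKS:
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"unknown link\n"]
    slug = m.group(1)
    # Optional ?c=<campaign> tag lets one slug be tracked per promotion.
    query = parse_qs(environ.get("QUERY_STRING", ""))
    campaign = query.get("c", ["default"])[0][:32]
    CLICKS[(slug, campaign)] += 1
    base, params = LINKS[slug]
    # The destination comes only from the table, never from the request,
    # so the endpoint cannot be turned into an open redirect.
    location = base + "?" + urlencode(params)
    start_response("302 Found", [
        ("Location", location),
        ("Cache-Control", "no-store"),  # every click must reach the counter
        ("Content-Length", "0"),
    ])
    return [b""]

def click(path, query=""):
    """Drive the app once with a constructed request; return (status, headers)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    app({"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query},
        start_response)
    return seen["status"], seen["headers"]

if __name__ == "__main__":
    print(click("/recommends/productX", "c=newsletter"))
    print(dict(CLICKS))
```

The affiliate id still travels in the `Location` header of the 302 response, which is why cloaking only hides it from people who do not look at redirects, as noted above.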

Grab your copy here: Affiliate Link Cloacker


posted in Main, Online Business Security, Recommended Security Resources | 0 Comments

11th November 2009

Twitter Hacking Goes to the Next Level…

During this year we’ve seen many phishing scams that were pretty simple. In essence, Twitter users were asked to go to a certain URL (usually to watch some funny video or download a digital “gift”), and on that page they saw something similar to the Twitter login screen. So they assumed they had to log in to “Twitter” in order to watch this video.

Of course, this “Twitter login page” was nothing more than a page mirroring the actual Twitter login page, and its whole purpose was to gather the usernames/passwords provided by unsuspecting Twitter users…
Then the perpetrators used those accounts to tweet the same URL (and other malicious links containing trojans and viruses) to other Twitter users.

Watch this video to better understand the mechanics of this twitter phishing scheme:
Now hackers have changed their tactics. Sure, the “Twitter mirror” is very “productive”, so it’s not going anywhere; hackers will continue to use it. But instead of sending tweets from the compromised accounts, they now send direct messages.

If you think about it, it’s much more effective for hackers, and much more dangerous for average Twitter users.

If a Twitter user sees a few messages posted on her/his account, s/he will quickly realize that the account is compromised, and will change the password. Then the game is over.

With direct messages, on the other hand, it’s quite another story. How many people actually check their outgoing DMs within their Twitter account? Exactly. Only a few. People look at the incoming DMs, because those are the messages from their friends. But they probably haven’t looked at their outgoing DMs even once since they set up an automatic welcome message.

So the chances of average Twitter users noticing abnormal DM activity in their accounts are minimal…
If you’re reading this post, and you’re an avid Twitter user, please go and check your DMs right now. And if you see suspicious activity, change your Twitter user/password asap.


posted in Identity Theft, Main, Online Business Security, Online Privacy | 0 Comments

30th June 2009

How to Protect Your Computer and Smart Phone from Physical Data Theft and Your Business from Total Crash

First of all, let’s be clear here. Right now I’m NOT talking about the ways to protect your computer from virtual theft. Virtual theft, which could happen through hacking into one’s computer or website over the Internet, is a far more advanced topic than the one that will be discussed today.

I have an entire course dedicated to computer protection. If you’re interested in learning what you should do to protect your data from hackers, you might want to take a look at this course: Online Business Protection.

But today let’s talk about something that can be easily prevented, yet as of today negligence in this area of data security causes huge headaches for many businessmen.

First let’s look at some facts.

  • Fact Number 1: 2,000 laptops and 5,000 smartphones are stolen every day.
  • Fact Number 2: 97% of stolen laptops are never recovered.
  • Fact Number 3: Computers and smart phones are the #1 source of identity and business theft.

It is also helpful to remember that 60% of businesses that were unfortunate enough to go through data loss completely go out of business within 6 months. Your business could be next if you don’t take proper precautions.

Now that I have your undivided attention, let’s see how we can avoid this unfortunate scenario. It’s time to talk about physical data protection.

The majority of people have hundreds if not thousands of usernames and passwords stored on their computers and smartphones in unencrypted format. If a laptop or phone is stolen, the perpetrators get easy access to email contacts, financial information, bank accounts, proprietary business plans, etc.

This obviously can lead to both identity theft and serious financial losses. Unfortunately, the majority of people don’t do anything to prevent the chain of events that would put them in such a precarious position.

What makes matters even worse, when a laptop or a smart phone is lost or stolen, the likelihood of its data being restored is slim to none, unless there is a data backup stored somewhere in a secure environment. If there is a backup available, then the data can of course be restored, yet the probability of finding the stolen item still remains minuscule. Let alone the chance to punish the thief.

Today I’ll share with you a great resource. It will help you not only to create automatic backups (just set up the system once, and it will automatically back up your data in two different datacenters). It will also allow you to recover your stolen item. You can also lock down your device before it’s retrieved. This way it will be much more difficult to steal your data. Or you can wipe the data from the device remotely if you choose to do so.

It’s very inexpensive, plus they offer 1 Gb of backup for free. So go get your Smartphone and Laptop Protection now.


posted in Computer Security, Identity Theft, Main, Recommended Security Resources | 0 Comments

20th April 2009

Black Hat SEO + Hackers = The End of Google Relevance?

Until recently, Google was used by hackers mainly as an excellent source of easy potential hacking targets. With over 8 billion pages indexed and only a small percentage of users knowledgeable about internet security, it was easy to find websites that could be hacked virtually on the fly. The rather advanced system of Google search operators facilitated this task even further.

Another way to quickly identify topics of interest and of increased popularity is of course by keeping an eye on Google Trends (yet another invaluable tool for both hackers and SEO specialists).

While hackers were playing their games, Black Hat SEO guys were playing theirs, dominating many lucrative SERPs and cashing in on free targeted traffic.

But to the best of my knowledge, they were not combining their forces, at least not on a large scale.

Well, now they do.

SEO specialists from Poland identified one of the factors which are currently heavily used by Google to define the relevancy of search results. I’m talking about velocity. In layman’s terms, velocity is nothing more than the “freshness” of a particular post and its links. The more recent the post is, the bigger its weight. Sure, there are many other factors that are taken into consideration as well (such as the number of incoming links, domain age, etc.). I’m talking about velocity here because that’s what allowed SEO pros to exploit the Google algorithm and, along with artificially generated incoming links, get millions of pages ranked for the keywords of their choice.

This is impressive on its own, though disturbing. What’s even more disturbing, they combined their efforts with hackers, and all those pages were filled with a specific type of malware.

Panda Security Labs identified a list of keywords that were compromised. To be more precise, the top SERPs for those keywords displayed absolutely irrelevant results linked to some domains in Warsaw:

http://www.webpronews.com/topnews/2009/04/14/seo-blackhatters-target-ford-via-google

On second thought, it doesn’t mean that hackers and SEO pros are from Poland. It only means that they control the server in Poland, and the domain from Poland.


posted in Internet Security Paradigms and Models, Main, Online Business Security, Website Security | 0 Comments

8th April 2008

Online Safety Education For Kids Should be The Highest Priority

There is no doubt that everyone who even occasionally uses the Internet should be aware of its dark side. We all know the advantages of the Internet; there are so many of them that it would be extremely hard to list them all. However, that doesn’t mean we should neglect the troubling fact that new scams and frauds are born almost every day. Internet fraud is popular among scam artists all over the world.

 

Certainly it’s a pity when an adult is trapped in one of these scams and his or her financial stability is either at risk or completely destroyed. At least adults should know better; scam artists often play on people’s emotions and desires. If an adult became a victim of a scam thanks to his or her own greed or lust, well, it’s his/her fault. Read the Bible or the holy book of any other major religion and you’ll see that almost all of them describe the sins in similar ways. So if somebody tries to collect a million dollar lottery “winning” or is too lazy to use the basic rules for safe online banking, that’s his/her problem.

 

But when we’re talking about children, it’s a whole different story. When adults are looking at scam offers, they know on a subconscious level that something is not right. The voice of their experience warns them about possible trouble. Whether they listen to this inner sense or not is their choice.

 

Children don’t have any substantial experience yet in dealing with real life situations. Hence it’s our responsibility as adults to make sure kids know about the possible traps that they can encounter online.

 

 


posted in Main, Online Safety for Children | 0 Comments