When is a scam not a scam – or when is marketing a scam?
All Facebook has a new alert about Profile Spy,
…a fake application which claims to let users view who has viewed their Facebook profile. As we wrote in the past, the application is not legitimate at all. Instead, the creators of this scam attempt to convince users to share the information multiple times on their profile and around Facebook before downloading the application. The users are then asked to complete a number of surveys and register for a mobile service that will charge you $19.99 each month.
ALERT: Profile Spy Is Scamming Facebook Users Again
So my scam radar had been activated.
Next I checked on Infosec Geek’s article IT Certifications for Aspiring InfoSec 633ks. This is a perennial issue: when I ran ITsecurity.com’s Security Clinic it was the single most frequent query.
But when I went to the Geek’s site, Zone Alarm interrupted me. “This website is suspicious,” it told me. “Leave now…” I’m not sure whether the Geek would be amused or downright annoyed at his visitors being warned off his site – I would most certainly be the latter.
Why is ZA doing this, I wondered. “This recommendation is based on how long the site has been around and the strength of its security certificate.” OK, the irony on the ‘certificate’ is noted, but it’s really not that funny. Especially when you consider that Infosec Geek has been on Blogger since March 2008.
What he has done, however, is a radical overhaul of his site design, or Finally Customized the Site Background. Is that really enough for Zone Alarm to decide the site is untrustworthy?
But notice also the last point on the Zone Alarm warning: “Get immunity from this and other questionable sites. Click to find out how.” And what happens when you click? You go straight to the Zone Alarm sales page.
In other words, what I would consider to be a false positive is being used to help persuade you to upgrade from free Zone Alarm to paid-for Zone Alarm. And if this had been any company other than Check Point I would have run away shouting “Scam! Scam!”
But it’s an interesting question: when does acceptable marketing slip into unacceptable scamming?
At the very least it shows the danger of any reputation-based warning system. Reputations can be manipulated, either by lowering the bar (as in this case) or by seeding the system. I would just like to add that I had not the slightest hesitation about staying on and exploring the Infosec Geek website – and not just because AVG said it was clean. NoScript gives me that smug satisfaction of feeling pretty safe anywhere…