December 24, 2007Argh! The Frustration of Big Companies
Trying to report abuse to some organizations can drive the reporter to drink (or, in my case, chocolate).
I'll begin by saying that I understand it is necessary for organizations with gigantic user bases to have ways to handle the 90% of support questions that have been asked and answered in Frequently Asked Questions areas and other online support documents. I grant you that the bulk of support questions that come in are sent by those who are too lazy to search the archive or don't know how to phrase the question. Spending corporate support dollars on staff to answer the same questions over and over must take a low priority. I even saw an ISP's site today that explicitly tells visitors that there is no email contact address for the Support Department—you must be a customer and follow the Yellow Brick Road through its automated help facilities.
Whenever I take the time to report alleged abuse to a company, I perform some due diligence ahead of time. I try to be as accurate and succinct as possible in my report. In sympathy for the overloaded recipient of my report, I get to the point and supply all necessary documentation to help them get to the source of the issue quickly.
The problem with companies who receive huge amounts of support queries is that in so many cases, they don't even seem to read my subject line, much less the brief summary of my issue. In return for my researched report, I receive a form reply answering a question that had nothing to do with my report.
Here's the latest:
Google, itself, was no help in leading me to find out what this could be, although I suspected it had something to do with advertising, probably through Google's AdSense service. I did some more digging elsewhere and learned (possibly) that links to googlesyndication.com cause the click-on-the-ad counter to fire before navigating the user to the advertiser's site. My suspicion, therefore, was that anyone who followed the phishing message's link, visited a page whose mere visit caused an ad click counter to fire, putting money into the crook's pocket (and stealing it from the advertiser and Google).
Click fraud is supposedly a pretty big deal in the high-volume Internet advertising business. I read about it all the time in mainstream business press. Advertisers fear it, and the ad-serving sites (like Google's AdSense) reassure advertisers that they're doing everything possible to counter the fraud. Thus, I thought Google's AdSense program might be interested in this potential fraud technique.
I found a Support area at Google's site, where I could choose the AdSense Program as the target of my support query. They actually provided an email address to which I could address my "question." The Subject: line of my message was far from ambiguous:
Possible abuse of googlesyndication.com
If rendering this page causes the issuer to earn a commission from a Google advertiser upon display of the ad, then he used fraudulent means to obtain that ad display and commission.
I then also included the source code of the phishing email message for good measure.
So, there it was. I had presented my case and provided enough evidence for Google to look into it.
Three days later (not too bad for a Big Company), I received a response, which began:
Thanks for your email. We'll be more than happy to provide you with
information on your AdSense earnings.
This was followed by a bunch of standard support questions and answers related to viewing AdSense earnings.
Hello? Earth calling Google!
I have some Qs for which I doubt I'll ever receive As:
- Did a human read my original message?
- If so, was that person awake/alive at the time?
- If this is a completely automated response, why did it take three days to respond?
- If I was wrong in my accusation, can you simply tell me that my fears are unfounded?
- Do you really give a Rémy's ass about click fraud?
As for what this episode means for everyday email users, the point is that clicking a link in any unsolicited email message can put money into the crook's pocket, even if you don't hand over any personal info (which this "phisher" didn't even want).
As for me on this Christmas Eve, I'm sending a big "Bah, humbug!" down to Mountain View, CA.Posted on December 24, 2007 at 10:36 AM