I've noticed on some scam forums and subreddits I frequent that scammers have been using target sites' own support searches to redirect users to scam phone numbers.
On both Ticketmaster and Facebook, and many other sites, when you perform a search on their support site it spits back your query in big letters at the top of the page. If you craft the correct search and then buy Google Ads pretending to be Ticketmaster, then you can redirect users to your call center and scam them. And because the link for your ad actually links to Ticketmaster the ad passes validation and appears to be a legit link in the eyes of Google.
So, I craft a search where the search query is “call 1 800 scam”, then I buy a Google ad with keyword of “Ticketmaster help”, the ad links to real Ticketmaster with my query, and Google shows that ad to someone having trouble and hey presto they call my scam line at 4 quid a minute from their mobile?
Yuck all round. I mean ticketmaster is just a sin eater for greedy popstars but yuck ..
Yes, but also it's an impressive digital Jedi mind trick on a website.
signs a question mark with hand
"This is the support number you're looking for."
And the victim is extra primed here because so many companies make it nearly impossible to talk to a human. Yikes!
Almost seems like there's room here for a grey hat to come in and use this trick to do a good faith job trying to help the customer through their problem. Then tell them at the end that a recent anti-trust suit requires them to tell the customer about alternate independent venues in their area where they can support live music.
> Almost seems like there's room here for a grey hat to come in and ...
... call the scam numbers to tie up their staff and prevent them from talking to potential victims. Someone like Kitboga could do this at scale. Where there's a phone number, there's a way.
Exactly. And when you try and help these people and explain that you didn't actually call Ticketmaster support they will tell you that they found the phone number on the official Ticketmaster website and Google said it was a verified link.
Completely unrelated tangent: Jesus Christ Reddit is such a cesspit.
Tried tapping that link on mobile, got a screen to view the corresponding post. Tapped it, and I got taken to the App Store. No thanks, force quit the App Store and go back.
Now I get a full screen notice on the original Reddit tab saying “didn’t go where you expected? Next time try the long press!” With instructions to not use private browsing and to long press any link and open in safari. (Wha? You, Reddit, are what are trying to force me to use your app!)
So I long press like they say, open in new tab, and what do I see? A large blank page that just says “REDDIT” in all caps, with the button “Get the app” on the bottom. The link was just to “reddit.app.link” the whole time.
Can’t a company who has a website, just … let me use the website? At every possible turn, Reddit HATES anyone using Reddit from a browser. They will ruin every single aspect of the website they possibly can to try to push you to the app. The entirety of reddit.com seems to be just a broken honeypot to get you to use the app instead. I just can’t fathom how a company can be that broken.
Just delete the Reddit website, it would make more sense.
> The entirety of reddit.com seems to be just a broken honeypot to get you to use the app instead. I just can’t fathom how a company can be that broken.
It's their intention to have the website be a funnel so that they can get more mobile users.
I sometimes use https://old.reddit.com, though it doesn't look that great on mobile, maybe there are some other alternatives.
I know Reddit will connect accounts together based on device ID, I wonder if their data becomes more valuable if you can tie multiple independent accounts together into one profile?
It's a site where users will often have multiple logins for different subjects of discussion.
> Tried tapping that link on mobile, got a screen to view the corresponding post. Tapped it, and I got taken to the App Store.
It's obnoxious, but if you really want to view the post you can switch the screenshot page to desktop mode, and the "View post" button shouldn't redirect to the App Store. The result isn't pretty but it's readable in a pinch.
(They're still not desperate enough to track the UA and detect the switch.)
But why does Google allow unverified owners of a domain to buy ads for it? Surely only Ticketmaster or agencies approved by Ticketmaster should be allowed to do this?
Because most of the ads are created by external ad agencies, and the people involved are not competent enough to do any verification.
Source: I've also thought this was ridiculous and asked someone working on the AdSense team. Apparently they tried enforcing some domain verification mechanism in an experiment, but most companies and agencies struggled to get the verification done and of course the $ metrics on this launch dropped, causing execs to force them to stop.
Maybe a partial solution here would be to offer some kind of "domain locking" option?
Allow sites that are heavy targets of this kind of scam - like Ticketmaster - to add an "AdSense: locked" line to their robots.txt (or similar) - if that line is present then advertisers have to go through an additional domain verification step in order to place an ad.
Not necessarily, if you have an affiliate program or something like that you could buy ads for, say, eBay using your affiliate link in the hopes of you generating more profit than the ads cost.
One time an article about Facebook logins got to #1 and its comments were full of people mad that Facebook changed their website yet again, how can they login to Facebook, waah, waah!
On top of that, you receive private information about people from Google, because if someone calls your number, then you know that they were on Ticketmaster. Replace Ticketmaster by e.g. a swingers club, and now Google's ad business model is in real trouble because it leaks sensitive information.
> ticketmaster is just a sin eater for greedy popstars
Apparently Live Nation owns many performance venues and leverages their power in that market to gain an advantage in the ticket sales market. “Sell through us or you won’t be allowed to play at any famous venue in this city” kind of deal.
Don’t have any sources beyond “heard it on a podcast” though ¯\_(ツ)_/¯
I've been seeing similar scams via PayPal. The scammers apparently add the target email address as a forwarding address on a compromised or created-for-purpose email account. And that bouncer email address is signed up for PayPal. So the scam email is actually from PayPal, bounced through some other inbox. The To name and address is of the bouncer email address PayPal sent it to.
One version involves sending money to someone with the PayPal account (so the target might think it was sent from their own account) with a "note" to the transaction recipient, which the target sees, which says PayPal has detected unusual activity and please call this phone number to request a refund.
Another involves a "Your ITEM NAME order is on its way" email where the item being ordered is called something like, "Some Company, Inc: Don't recognize the seller? Call us at SOME PHONE NUMBER".
A third is like the second, except it's a "You paid CURRENCY to SELLER" email. This one has the PayPal user's name at the top, so not as convincing perhaps.
A family member fell for this while trying to recover their hacked fb account. I was around and caught wind of the call and some of the absurd steps (absurd to me, anyways) they were proposing and pulled the plug on the "support" call. The phone number was in what seemed to be a cached result of a bad search or something. '"Call us at xxx-xxxx..." not found' is what I saw. (Finding a real support number is either difficult or impossible, which makes this a good trap)
It's cool you at least attempted to do something with a bit of social connection at such a heavily targeted website.
Having personal issues with Ticketmaster's pricing methods (causing many to probably never want to do anything that might help) is a different issue than the website being used as a source for redirecting calls to fake call centers.
Since they escalated maybe something will get done. Ticketmaster would have a motivation, if large numbers fall prey to diverted call center scams it only makes their reputation flounder even worse.
(...obvious joke here would be if the scammers actually offer better support, they're just trying to steal call center business)
This actually makes sense to me; if you're an artist selling tickets on Ticketmaster, it's in everybody's interests to let you show ads for those tickets to your fans.
If only the Ticketmaster team could show ads on that domain, all these ads would have to go through their marketing team (and use Ticketmaster's budget, with all the accounting and invoicing this requires), which would massively slow things down.
Instead, it seems that Google has some kind of protection where ads mentioning Ticketmaster must link to their official domain, to prevent things like this from happening. The scammers just found a way for that domain to display arbitrary text.
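A site-side mitigation for the reflected search term discussed in this thread, as an added example that is not part of any comment above and not any site's actual code: the results heading stops echoing queries that contain a phone-like digit run, and the same check flags such requests in access logs. The `query` parameter name, the `/search` path and the log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Seven or more digits, each optionally followed by separators: a phone-like run.
# \d also matches non-ASCII digits (e.g. fullwidth), which ad copy may use.
PHONE_RE = re.compile(r"(?:\+?\d[\s().-]*){7,}")
# Zero-width characters that can be inserted between digits to dodge matching.
ZERO_WIDTH_RE = re.compile(r"[\u200b-\u200f\u2060\ufeff]")

def has_phone_like_run(query):
    return bool(PHONE_RE.search(ZERO_WIDTH_RE.sub("", query)))

def render_heading(query):
    """Heading for the results page; reflects the query only when it is safe."""
    if has_phone_like_run(query):
        return "Search results"  # never display visitor-supplied numbers
    return "Search results for \u201c" + html.escape(query) + "\u201d"

REQUEST_RE = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def flag_log_lines(lines, param="query"):
    """Return the decoded search terms of requests carrying a phone-like query."""
    flagged = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        terms = parse_qs(urlsplit(m.group(1)).query).get(param, [])
        flagged.extend(t for t in terms if has_phone_like_run(t))
    return flagged

# Constructed sample access-log lines (documentation IPs, fictional 555-01xx number).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /search?query=refund+policy HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?query=call+1+800+555+0100 HTTP/1.1" 200 498',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /search?query=support+%28800%29+555-0100 HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    print(render_heading("refund policy"))
    print(render_heading("call 1 800 555 0100"))
    print(flag_log_lines(SAMPLE_LOG))
```

A burst of flagged terms arriving with an ad-click referrer is the signal worth alerting on, since ordinary visitors rarely search a help center for a phone number they do not yet have.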
I don't mean reaching for support. I mean setting up a scam like this. It seems so bottom of the barrel scummy, creative too, but mostly scummy.
Imagine you have the creativity and criminal energy to conceptualize and operate something like this (and the rat tail of justice evasion, laundering money, etc). It seems so much easier to make money in the honest economy.
Unless of course you're operating for a rogue state...
The vast amount of warehousing in SoCal is in the Inland Empire, the logistics capital of the country, not LA proper. There's very little warehousing being done in LA and there's still ample land in the IE and high desert areas. It should have zero effect on housing prices in the area, they already moved further inland since ecommerce took off 20 years ago and only accelerated since the pandemic.
No thanks. More expensive with garbage infotainment system that violates the user's privacy. Also I'd bet the engine won't hold up well in the long term
FWIW, the Maverick works pretty much as expected if you pull the wires for the telematics control unit. (i.e. the infotainment system works minus the connectivity.)
As far as the engine, I’d bet on the hybrid engine holding up better than the ecoboost long-term.
Temu has direct access to producers of the items they sell. They know what categories are profitable, having incredible logistics directly tied to Chinese industry. Wish, from what I can gather, was just an American middle man.
Since this is California law, it helps tremendously in places like LA which were built as large suburban SFH neighborhoods but have long exhausted all free space. Building denser housing within existing SFH neighborhoods will help to alleviate the housing crisis.
Basically, yeah. It's your own little fiefdom so you can remodel the whole house how you want, you can tear up and rebuild the outside if you want, you can just not interact with anyone and become a hermit if you want. Your own singular space.
On both Ticketmaster and Facebook, and many other sites, when you perform a search on their support site it spits back your query in big letters at the top of the page. If you craft the correct search and then buy Google Ads pretending to be Ticketmaster, then you can redirect users to your call center and scam them. And because the link for your ad actually links to Ticketmaster the ad passes validation and appears to be a legit link in the eyes of Google.
Example of a crafted search term: https://help.ticketmaster.com/hc/en-us/search?utf8=%E2%9C%93...