Due to economic considerations, Consumers Union has decided to shut down Consumer Reports WebWatch as of July 31, 2009.

Along with our parent site, Consumer Reports WebWatch, the UnSponsored Link will remain online as a consumer resource, but we'll no longer be able to follow-up on your comments or investigation requests. As such, for our last post, we’d like to highlight some of the techniques we’ve used to uncover the dozens of online scams we’ve exposed in this blog. We hope you’ll be able to use these methods to spot an online scam before you find yourself scammed.

1. Does the site provide full contact information?
Credible Web sites should clearly disclose the physical location where they are produced, including an address, a telephone number or e-mail address. Although this information is typically found on a “contact us” or “about us” page, some sites stick it in the privacy policy (usually at the very bottom) or terms of use, so you may have to do some clicking and scrolling. If all else fails, check the return policy for an address. If you’ve exhausted all these options and still can’t find an address, find another site.

2. Does the site publish a privacy policy?
Almost all sites publish privacy policies, but once in a while we stumbled across some that didn’t. Needless to say, if a site doesn’t disclose how it uses your personal information (name, address, e-mail, phone number and credit card number), steer well clear. Here’s an example of a site that published contact information but lacks a privacy policy.

3. Does the site enjoy a satisfactory rating with the Better Business Bureau?
Although some sites (particularly smaller ones) aren’t listed by the BBB, it’s still a useful barometer of a site’s credibility. For example, if you come across a site with an “F” rating, forget it. Although many sites are still rated as either “satisfactory” or “unsatisfactory,” most BBB bureaus now issue grades. The lowest acceptable grade is a C-.

Use this link to search for a business (or charity), either by URL or company name. If you’re researching a non-profit, here’s a link to an alphabetical listing of all the BBB’s charity reports. Sites that display the BBB Online Reliability Program seal are almost always trustworthy (beware of spoof seals—clicking on a real seal leads directly to the BBB rating). Although BBB-accredited businesses tend to be better, plenty of excellent sites aren’t accredited by the BBB.

Beware of sites pushing official-sounding seals. Here’s one of our favorites, the plausibly named, but laughably executed WebTrade Bureau. The only kind of “trade” going on here is yet another group of digital hucksters tying to fool consumers into paying for information on “free houses.”

Also, don’t judge a site by the number of complaints. We’ve seen sites with hundreds of complaints receive satisfactory ratings, and others with only a handful of complaints receive failing grades. It’s not the number of complaints that counts—it’s the number of resolved complaints. If you come across a site with a “No Rating,” it can mean one of three things: either the BBB file is being reviewed or updated; the BBB does not have sufficient information about the business; or recent activity requires further review by BBB. In these instances, you’ll have to rely on your own judgment. If the site fulfills the other requirements, it’s probably fine.

Here’s an example of a site with an abysmal BBB record, and based on the number of complaints (641 in early May—and 793 as of today), the worst we ever found.

4. Where is the site hosted?
If you've followed the steps above and remain unsure about a site (or are curious to see where a site may be hosted) WHOIS can’t be beat. Try searching for any site you use and trust, such as Amazon.com, and you’ll find full contact information. That’s because legitimate sites have no reason to hide the identity and/or location of their owners.

But sites that refuse to disclose ownership and location by blind registering their sites via proxy tend to have something to hide. For example, when we looked at the site ProfitLance.com, it listed a partial address we discovered was in the English town of Stockton-on-Tees (the site now says its located in Dubai—business must be booming). But we found no record of of Profit Lance (which is now flagged by Google as a "Reported Attack Site") or its owner, Michael Andrews, listed at the given address. A quick search of WHOIS revealed only that the site is blind-registered by proxy—which means it could be located anywhere and owned by anyone.

Another site we recently investigated, Defenza.com, claims to be based in Montreal, although according to WHOIS, the site is registered in the European microstate of Malta, and hosted in Russia. Similarly, WHOIS revealed that USABankruptcy Associates is actually based in the very un-American city of Montreal. WHOIS also proved especially useful in a post we did on some particularly nasty badware knows as LuckySploit. We used WHOIS to track down the registrants of a number of official-sounding, U.S. government sites hosting the LuckySploit malware ("ustreasury.federalbanksystem.net," "ustreasury.federalbanks.us," "usbanks.esecure-federal.us"), all of which were registered to cybercriminals in an improbable assortment of cities, including Austin, Erfurt, Valencia and Krasnogorsk.

5. How else can I tell if a site isn't legitimate?
If you’re reasonably sure a site may be bogus, but want confirmation, try searching for the site on the Rip Off Report, an excellent user-generated resource. One site we looked at, ProcessAtHome.com, which has thankfully closed its doors, ranks as our all-time Ripoff Report winner, with no fewer than 92 angry consumer complaints.

Another site we examined published full contact information as well as a privacy policy, but we suspected something was fishy due to the bargain-basement site design common to most online scams. So before we even checked with the Better Business Bureau (which also had its number), we ran a quick search on Ripoff Report, and our suspicions were justified.

Remember, while the Web may be an endless cornucopia of information, commerce and entertainment, it’s also a bottomless snake pit populated by thousands of cybercriminals working 24/7 to separate you from your money.

So in parting, to quote Sergeant Phil Esterhaus, "Let’s be careful out there."

Despite its name, the Pirate Party is no joke. Founded in 2006 with the launch of its website, the Piratpartiet is now Sweden's third-largest in terms of membership (it's especially popular among the young and Web-savvy), and came in fifth place in the European Parliament elections behind the Social Democrats, Greens, Liberals and the Moderate Party.

-Reform of copyright law: "All non-commercial copying and use should be completely free. File sharing and p2p networking should be encouraged rather than criminalized. Culture and knowledge are good things, that increase in value the more they are shared. The Internet could become the greatest public library ever created."

Abolishing the Patent System: "Pharmaceutical patents kill people in third world countries every day. They hamper possibly life saving research by forcing scientists to lock up their findings pending patent application, instead of sharing them with the rest of the scientific community. The latest example of this is the bird flu virus, where not even the threat of a global pandemic can make research institutions forgo their chance to make a killing on patents."

Respect for the Right to Privacy: "Following the 9/11 event in the US, Europe has allowed itself to be swept along in a panic reaction to try to end all evil by increasing the level of surveillance and control over the entire population. We Europeans should know better. It is not twenty years since the fall of the Berlin Wall, and there are plenty of other horrific examples of surveillance-gone-wrong in Europe's modern history."

As we wrote earlier this year, Webloyalty made money from customers who (often unwittingly) paid monthly fees to the consumer discount clubs it operated, including Reservation Rewards, Shoppers Discounts & Rewards, Members Specials, Buyer Assurance, Distinctive Privileges, PC Protection Plus, Travel Values, Travel Values Plus, Classmates Rewards and Wallet Shield.

In order to settle the class-action suit, Webloyalty and its fellow defendants agreed to a $10 million dollar settlement, but based on the comments of committee Chairman Sen. John D. Rockefeller IV, Webloyalty's problems may be far from over.

“The economy is hurting so many families today and we need to provide them as much relief as possible," committee Chairman Sen. John D. Rockefeller IV (D-W.Va.) said in a statement. "Thousands of American consumers have been complaining about these deceptive practices and asking for answers – and rightly so.”

Sent: Thursday, May 28, 2009 8:46 PM
Subject: Help - Please
http://www.rbausa.com
Is the above company a legit health care provider?
Mike

While we can't say for sure if Real Benefits Association actually is a legitimate health care provider, we can say that we suggest looking elsewhere for health insurance.

Why? First off, the RBA's site fails the WebWatch smell test, due to the lack of a privacy policy. The site contained a number of other read flags as well, including a "Disclaimer" link takes you to a page with temporary text, an "In the News Link that leads to a blank 'coming soon' page and a "More About Company" link on the homepage that steers you to a dead page.

Real Benefits Association Misleading sales pitch cost me $65
I called the insurance company to express my concern about being lied to by the salesperson. I was told that this particular salesperson was no longer with the company. I cancellled my policy & was told that I will receive a refund of all but $65 of my payment (which was agreed upon on the phone). Bottom line: a misleading sales pitch cost me $65, & got some untruthful salespeson a nice comission. I would not recommend anyone buying insurance on line or on the phone. Get everything in writing before you pay a bill !
David
Cottondale, Alabama
U.S.A.

Real Benefits Association Unfulfilled promises and refusal to return processing fee
I am finished dealing with this company. Although I checked it before and saw nothing last time, as of today, there are 5 complaints with the NJ BBB and the company has an 'F' for non responsiveness. I agree with that assessment. Stay away from these people if you don't want to spend your hospital stay on the phone asking if you have coverage and hoping that they will deliver as promised and pay your hospital bills.
Maryland
Silver Spring, Maryland
U.S.A.

Thirdly, as the above complaint points out, the Better Business Bureau gives Real Benefits Association an F rating, which means: "We strongly question the company’s reliability for reasons such as that they have failed to respond to complaints, their advertising is grossly misleading, they are not in compliance with the law’s licensing or registration requirements, their complaints contain especially serious allegations, or the company’s industry is known for its fraudulent business practices."

While we faulted the site for a lack of contact information, hyperlinks that don't link to anything and the fact it appears to be just another Web-based affiliate marketing program, readers took the conversation to a whole new level.

Comments range from scathing (Absolute scam!!!!!!), regretful (I bought it like a fool and it is junk..pure rubbish), defensive (Earth4energy is not a scam product. It's a great product created by Michael Harvey which can help us save our electricity usage to great extent. For more details about this product, visit Earth 4 Energy website), and technical (At $200.00 per panel that is about $67.00 dollars per amp. Most houses today require a 200 amp electrical service. That would require sixty seven panels at a cost of $13,400 plus the $49.95 for the manual.)

Is Earth4Energy.com just another of the thousands of scam sites out there, or a viable, do-it-yourself alternative to affordable energy? Decide for yourself.

The short answer is yes.

First off, Googling "defenza.com" with McAfee Site Adviser yielded results flagged with a red X and a warning to "use with caution." According to the Site Adviser report, "When we visited this site, we found that it may be affiliated with other ''red' sites." The other red site in question is cashengines.com, of which McAfee said: "When we visited this site, we found that it funds and facilitates the creation of numerous identical web sites, which charge fees for products available elsewhere for free."

Also, the fake CNET Download.com button on the homepage (Download.com doesn't recommend Defenze) didn't exactly inspire our trust.

Third Red flag, numerous negative reviews from Internet security sites, including:

EmsiI Software—Defenza is a rogue security program that shows false Warning messages. It also shows misleading scan Results. It can also install through Trojan exploits.

2-Spyware.com—We DO NOT recommend purchasing and using this product.

BleepingComputer.com—This Add or Remove Programs entry corresponds to a program that is either malware, installs malware, or is bundled with malware.

Finally, you can also read an illuminating thread about Defenza.com on our sister site, BadwareBusters.org.

Unlike Google and other search engines, WolframAlpha doesn't indiscriminately trawl the Web for information whose sources can range from scholarly journals to the rantings of lunatic bloggers. According it’s FAQ page: "It can only know things that are known, and are somehow public. It only deals with facts, not opinions."

Rather, WolframAlpha performs computations from its own internal knowledge base, more than 10 trillion pieces of information sourced from thousands of official websites, libraries and academic journals, and checked by experts.

Jonathan Zittrain, a law professor at Harvard and the co-founder of the Berkman Center for Internet and Society, describes it as a “computable almanac.”

Don't take our word for it. Experience WolframAlpha for yourself. If you have trouble wrapping your Googled mind around this non-search engine, visit the examples page for suggestions on how to take advantage of this new information resource.

"The past few months has seen a dramatic rise in the number and complexity of malware programs being used to target Apple users and the situation is only going to get worse, according to security vendors, and part of the problem may be down to Apple users themselves."

Mac users, take note.

"Concerns: Your article on Myfreescroll has some inconsistencies. I am the General Manager of The Historical Research Center. We are not a franchise business. We are a business opportunity business. Not sure where you got the 5,000 pounds as a start up figure. We have a start up package for $995.00. Unlike a franchise, all of this money is for inventory. There are no franchise fees. If you want to evaluate whether or not we are at Ellis Island, try giving the gift shop a call. They will tell you if we are there or not. By the way we have been there for about 10 years. When we filmed our ad there we obtained permission from the National Park Service. By the way, the free search on the Ellis Island web site is terrific. We use some of that information ourselves, however we also go way beyond just the immigration records at Ellis Island. Our researchers look for the meaning, origin and historical references from as far back as 1,000 years ago. Give me a call at (xxx) xxx-xxxx or send me an email if you have any questions."

Click on the link below for our response.

We got the information about the Historical Research Center being a franchise business from several sources, most notably, this site, called the U.K. Franchise Directory. It notes: "Overseas Opportunities Exist: USA Italy Spain Malta Germany [sic]." That site is where the 5,000 U.K. pounds figure comes from as well (technically, 4,995 pounds). The Better Business Bureau database lists Historical Research Center branches in Elmhurst, New York; Hemet, Calif.; Louisville, Ky.; Boston; Houston; Lethbridge, Alberta; Las Vegas; Myrtle Beach; and Santa Monica, Calif. In addition, your Web site lists your organization's address as 2019 Corporate Drive, Boynton Beach, Florida. The Historical Research Center Web site is registered there as well. We're not sure what a "business opportunity business" is, but we don't mean anything derogatory -- heck, Taco Bell is a franchise business!

We did call the gift shop on Ellis Island, and they do indeed sell Historical Research Center products via a computer in the store, in much the same way T-shirts are sold there.

Haven't got our scroll yet, but when we do, we'll give you a call and post more.

So we weren't surprised at all to come across an article in SC Magazine warning of a "malware avalanche."

According to the article, "Security firm Fortinet's April 2009 Threatscape Report identified more incidents of new and known malware infections than ever before. Fortinet said that certain countries and areas are being specifically targeted, and that China had seen the worst attacks. The report also identified online gaming sites as the most common vehicles for infection."

Read the article and make sure all your security software is activated and up-to-date.

When we located the domain responsible for all the malware to hit our machines, we couldn't help noticing a slew of malicious sites masquerading as official U.S. government domain names, such as "ustreasury.federalbanksystem.net," "ustreasury.federalbanks.us," "usbanks.esecure-federal.us," and so on.

All of them have one thing in common: they contain an especially difficult-to-detect piece of crimeware called LuckySploit, an exploit toolkit that infects unsuspecting visitors to a site via drive-by-download, installing malware that allows cybercriminals to access personal information by keystroke logging.

Sir Paul McCartney's site was recently hacked to infect visitors with LuckySploit. ScanSafe, the security firm that detected and neutralized the program, described LuckySploit as "the most advanced and sophisticated version of crimeware toolkits."

Besides trying to fool people with official-sounding domains that infect visitors with LuckySploit, some of these registrants appear to share same Internet access providers (which we've highlighted below), suggesting some level of collusion. And at least one of them (if not all) is using a fake address as well:

ustreasury.federalbanksystem.net
According to WHOIS, this domain is registered to:
Natalya Namestnikova
ulica 50 let Oktyabrya, 12-50
Krasnogorsk
Moskovskaya obl. 143400
Russia
7 495 9378720
namestnikova@bronzemail.net

ustreasury.federalbanks.us
According to WHOIS, this domain is registered to:
Anthony Dennis
4100 Red River
Austin, Texas
78751
United States
1.5124517048
ant.dennis@namebanana.net

usbanks.esecure-federal.us
According to WHOIS, this site is registered to:
Eleodora Quintanilla
Placa Major de la Vila 62
Benaguasil, Valencia
46180
Spain
34.962738614
e.quintanilla@interlayer.net

federalreserve-online.com
According to WHOIS, this domain is also registered to:
Natalya Namestnikova
ulica 50 let Oktyabrya, 12-50
Krasnogorsk
Moskovskaya obl. 143400
Russia
7 495 9378720
namestnikova@bronzemail.net

federalreserve-online.us
According to WHOIS, this site is registered to:
Laura Weaver
945 North Montana Street (The address of La Cense Beef, i.e. a false address)
Dillon, Montana
59725
United States
1.8662554958
federalreserve@bronzemail.net

ustreasury.federalbanks.us
According to WHOIS, this domain is also registered to:
Anthony Dennis
4100 Red River
Austin, Texas
78751
United States
1.5124517048
ant.dennis@namebanana.net

ustreasury.federalbanksystem.us
According to WHOIS, this domain is registered to:
Marcel Frankfurter
Gotthardstrasse 79
Erfurt 99045
Germany
49.0361784633
marcelf@liveinternet.at

federalreserve-direct.com
According to WHOIS, this site is registered to:
Sergei V Popov
Ulyanovskiy prospekt, 2-87
Ulyanovsk
Ulyanovskaya obl. 432072
Russia
7 8422 442591
popov@namebanana.net