Misdirection on the Internet

Vince Steckler 1 Apr 2010

Having over 100 million users has its downside—it means that users searching for Avast are also a prime target of scammers as well as legitimate companies trying to piggy-back on our name recognition. Every day we receive complaints from people that have been scammed. Some have been scammed into paying to download a free copy of Avast. Others have been tricked into buying a product they thought was Avast but was not. This happens in many different ways but at the core is the greatest scourge of the internet—socially engineered scams and deceptions. Thieves and even legitimate companies are masters at taking advantage of people's natural penchant to trust others. Some scams are quite blatant and most of us would consider them theft or cheating. Others are much less obvious and may even be considered zealous marketing and selling. One finds such deceptions in search results, on download sites, and even in internet domain names.

Cybersquatting (http://en.wikipedia.org/wiki/Cybersquatting) is a common means of scamming a user. In this, someone (or another company) uses the Avast name to sell their own products—real or fake. This sometimes happens with competitors but most commonly cybersquatters are individuals trying to "extort" a payment in exchange for selling the name to us. We recently paid a British woman living in the UK a significant amount of money to buy the name www.avast.jp (Japan). We should not have done that—we should have taken her to court—but it was cheaper to just pay her. In the future I don't think we will pay any such person. It sets a very bad example. Also in the UK is www.avast.co.uk. It is legitimately owned by a plumbing company named Avast but for a long while was being used to misdirect Avast buyers to other products. It is now being used legitimately and we have no issue with it. After all, we are not the only company in the world named Avast and there is no chance a British Avast customer would be misled when they land on a plumbing site.

Cybersquatting sites are also the leading source of complaints we receive from users that paid for a free copy of Avast. There are a number of such sites going by names such as helpmedownload.com, downloadnow.com, etc. Here they are leveraging the Avast name and the download.com name (a major English language download site) to scam users into paying. They typically sell a yearly download subscription to Avast and some of their own (usually useless) content. They charge $5 - $10 a month (non-refundable and paid up front of course) and then provide the user a link to our download site and a Free Antivirus key. We have a list of hundreds of such sites and also have them black-listed in our product.

Selling fake AV products is one of the most recent socially-engineered scams and has become very popular. Fake AV is a program that does not do anything wrong and thus was initially difficult for real AV programs to detect. Instead of trying to steal information or do bad things to a user's computer, all it did was pop up a real-looking message pretending to be from the user's antivirus program. This message would tell the user that they were infected and that the infection could be fixed by buying the product. After buying the fake product, the message would of course stop. One of the recent sites even offered toll-free 800 number ordering support for customers that were having problems ordering online.

We drive a lot of traffic to download sites and in exchange for hosting our downloads, download sites sell advertising space on our download pages. For example, here is a popular English download page. Notice the three big download buttons—only one of which is for our product (which was the product that brought the user to this page). Sometimes we even see the traditional large competitors buying these advertising spaces. There are also download sites I have seen where it is nearly impossible to find the download button for our product amongst all the advertising links.

Web searches also can deliver a lot of misleading advertisements. Below is a US-based search for "download avast". Notice that in addition to the search results, 10 ads are also served up. And only one of these ads is for Avast. One would not expect that someone that is searching for how to download avast is looking for these other products but apparently enough users are interested or get misled to make this advertising profitable. A lot of this may also be innocent. Ad placement software may automatically place many of these ads. For example, an advertiser may want their ad placed with searches for "antivirus". The ad software knows Avast is antivirus and thus places other antivirus ads here. However, some of these advertisers are purposely buying the term Avast for their ads.

An even more egregious example is the 11 ads served up to someone that searches for "antivirus free". Only one of these ads is actually for a free product. Most of these ads are purchased by firms hoping to sell their products to users looking for a free solution. They do this by promoting a 30-day free trial and then hope to convert the user to a paid user after the end of the trial period. I find one of these especially interesting as it advertises the product as "Free" with no mention of a trial. Only after clicking on the link does the user find that not only is the product not free, to even get the trial the user has to provide a credit card number which will be charged if the user doesn't cancel the order within 30 days.

To us security is fundamentally about trust. Users trust that we will protect them during their online journeys. Unfortunately though, sometimes users trying to get to us get misled into other products or services. If you do find any misleading sites, do let us know and we will do what we can to have them removed.
