…If sinners entice you, do not consent… If they say, “…We shall find all precious goods, we shall fill our houses with plunder; throw in your lot among us…” …do not walk in the way with them… for their feet run to evil, and they make haste to shed blood. …Such are the ways of everyone who is greedy for unjust gain; it takes away the life of its possessors.
Wouldn’t it be nice to be rich? Not just a little rich… I mean so rich that you can swim around in your money like Scrooge McDuck. You would be completely free from the shackles of debt, free to do anything you want in life.
The Internet and Scams
The creation and development of the Internet has spawned a multitude of ways for the clever and industrious to make that kind of money online. Though many online entrepreneurs have been able to use this technology in legitimate ways, the medium itself aids those who want to disguise their true identities to trick, manipulate, and otherwise harm unsuspecting prey.
The perpetrators masquerade in various forms. Sometimes they are poor or in trouble and need some kind of help. If you’re reading this post, you’ve probably heard of this scam involving a Nigerian needing help with international wire transfers. Sometimes they pretend to be representatives of the lottery, congratulating you on your winnings (as soon as you pay the processing fee).
Just like effective sales copy, these scams work because they promise to satisfy a desire of the reader — specifically in these cases, a desire for money.
They fail because they are over-the-top… and because they have been publicized.
Introducing the Banner Ad Scam
Savvy netizen that you are, you may think that these scams are so obvious that you would never fall for one. I thought the same thing until I got this email:
Direct ad sales like this do come along from time to time, so I wasn’t particularly alarmed by this email. And I want to make some money from blogging, so I sent back a request to see what kind of banner ad he wanted to run. I got this email in response:
If you go to the website mentioned in the email, you will find banner-sized .gif images for Lacoste. In retrospect, they look pretty shabby compared to the sleek design of the official Lacoste website.
Not thinking clearly, I was still operating under the assumption that this might be legit, so I sent back a pricing offer. I expected some kind of negotiation, but there was none. (Some bloggers who have also been targeted by these people have reported that they sent back ridiculous offers, like $1,000, and they were also “approved.”) Martin replied with this:
I had never heard of an advertising company needing publishers (in this case bloggers) to install a special plugin to serve ads. It seemed highly suspicious that I needed to install this ADV plugin, so I started doing some research (which I should have already been doing).
Who is Behind the ADV Plugin Banner Ad Scam?
It turns out that the same person or people have been using the same modus operandi under various pseudonyms for at least a couple months. I got an email from “Martin Lefevre” from the “Rita Agency,” but other bloggers have received identical emails from:
- Killian Blanchard — Jino Agency
- Rayan Meyer — Bevesto Agency
- Martin Dumont — (agency name unknown)
- Jules Barbier — Marka Agency
- Oscar Meunier — Kervel Agency
- Noa Morin — Kara Agency
Regardless of the name used, the scammer sends out the same emails, pitching an ad deal for Lacoste and then requesting the blogger to install the ADV plugin. The scammers have a form website that they copy for each domain name, corresponding to each spurious company. The websites look like this:
What’s in it for the Scammer?
It’s unclear at this time what the end goal is for Martin Lefevre (or whatever her name is). If the scammer(s) are able to phish a blogger’s payment account details they might try to do something malicious with that information. Another possibility is some sort of exploit with the ADV plugin that they are using.
I’m not a PHP expert by any means and would not have been able to see exploits in the code even if there were any, but other bloggers reporting on this scam have shared that there doesn’t appear to be anything in the code as it is. Perhaps this was foolish on my part, but I ran the plugin on a sand-boxed WordPress site, and it seemed to do what the scammers said it would.
Of course, this is a huge security issue. Installing this third-party plugin opens a door to the scammers to potentially access the innards of your blog and do all kinds of nasty things with it.
Though social engineering and hackery are both possibilities, they are merely speculations. It is yet to be discovered for sure what these scammers are after.
Who’s at Risk?
Because their strategy requires the use of a third-party WordPress plugin, only bloggers who run a self-hosted WordPress blog are susceptible to this scam. Though if the exploit is through the plugin itself, it’s possible that the same kind of attack could be recreated for other content management systems like Joomla and Drupal.
I suspect WordPress has been targeted because of its popularity.
Of all the open source content management systems (CMS) available to bloggers, WordPress is by far the most popular. Famous WordPress developer Yoast recently released this infographic on WordPress usage, showing that as of March 2012 WordPress is used on 72.4 million sites worldwide. Compare this to Joomla’s usage on 1.6 million and Drupal usage on a mere 684,055 sites, and it becomes clear why the WordPress community is such a large target.
Do You Know Martin Lefevre?
Have you had any interaction with these scammers or other banner ad scams? Let us know your story in the comments below.
Update: My Site Was “Rejected”
A few days after Martin told me to install the plugin, I got this final email from him:
Another Update (1/26/2012):
As if any confirmation was needed, today I received an official word from LaCoste. After I was contacted by Martin Lefevre, I contacted LaCoste through the contact form on their website. Here’s what I wrote:
Dear Lacoste, I am a blogger and recently received an email from a “Martin Lefevre,” supposedly from an advertising company name “Rita Agency.” Lefevre offerd me an advertising deal displaying banner ads for Lacoste, however the situation seems illegitimate. I would like to know if you have any knowledge of Martin Lefevre or this Rita Agency. Please let me know if this is a true representative of your company. Thank you.
Nearly a month later, I finally got a response from a LaCoste representative:
Sorry for the late feedback regarding your email mid-December.
We had to investigate around the world with our digital agencies and legal team.
As you assumed, and you can read in the link below, this request was totally illegal and we thank you for letting us know.
So, there you have it.