Convert2Media

Fraud Fridays – Email Cloaking Fraud

Posted by: Ruck under Performance Marketing

10

Today’s Fraud Friday installment brings to light quite possible a semi retarded china man. I only say slightly retarded because if he was fully retarded, he wouldnt be able to pull this off. Unfortunately for the industry he is only partially retarded and putting the absolute hammer down with his crew on credit card offers. He is highly sophisticated with multiple companies, aliases and a boatload of websites. The man’s name is Huang Feilong and despite what he might say, he is completely full of shit.

Who knows who helps him here. The method known is that hired actors phone into networks for account approvals. These hired actors could quite possibly be some of your best Search Marketing, Email or any other marketing method type of publisher. Yes, it’s a sick reality. Unfortunately, most networks that these publishers work with either dont know or they actually nest these publishers. We may get into that later. It hasnt been decided whether or not to get into another networks business yet or not. Preferably, I would much rather focus on the fraud aspect here and hope that networks do the right thing.

Anyway…

The method works that a highly educated publisher is hired to phone into the network. I really dont care how good you think your prescreen methods are, they’ve gotten past us, they certainly have gotten past you. The domain to check for is: xrayemails.com

This domain comes to the industry from an actual domain registrar that a frauding organization owns. I’ve said that these organizations are highly organized and hire actors (actual publishers) along with a domain registrar owned by the frauding organization only solidifies that. They have thousands of domains with thousands of websites built at their disposal to be used. We can cover that later. Let’s talk about xrayemails.

Xrayemails.com serves as a cloak for fraud. Typically you will notice this in your referrers. The referrers are designed to full affiliate managers into thinking offers are being emailed. Example:

The first website listed in the referrals is the site the frauding applicant used to sign up. The other red lines are indicators of other profiles and/or people that are involved or used to sign up for the offers. This basic common stupidity and really easy to figure out. I’m surprised we have not seen something smarter than this considering the amount of resources the fraudsters have at their disposal. There are many things regarding stupidity that can be said on their behalf but we can continue that later.

To the common affiliate manager, this looks like common referrer data from an emailer or some other legit form of refferer data. It simply is not. This site is owned by frauding organization that has their own domain registrar. As if the sites these morons built weren’t bad enough, they also copy exisiting sites and businesses online. You can see that clearly here where Huang Feilong got caught in that very act.

Be on the lookout, if this referring data is coming to you, your being frauded. Take a look at the application of the perp doing it. I bet it’s spectacular and you even called this affiliate. In other news we have more freelance job postings this week looking for CPA Network Approvals. We have tightened our approvals and security even more because we are specifically targeted on this list:

About the author

Ruck Ralph Ruckman is the Co-Author of IM Grind and current CEO of the Convert2Media Affiliate Network. Ralph is a highly respected Blogger and Public Speaker concerning Internet and Performance Marketing as well as a Moderator at the Wickedfire Internet Marketing Forums. You can find him rambling on Twitter @ruck

Pingback & Trackback

Comments (9) Leave a Comment

  • Martin91

    ROFL, this is hilarious. I wonder if he’s the same guy behind sending tons of clicks from china to socialmedia.com for months, without getting caught.

    Reply
  • xrayemails

    Hi, I am the co-owner of xrayemails. I am really angry after reading your article. First of all I want to let you know, if you do not take back all the stuff you made up in the article, me and my partners holds the rights to pursue legal justice. Secondly, if you are a new comer into this industry, I will forgive you for your ignorance. Let me tell you what xrayemails is.
    Xrayemails is a ptr website formed at the end of 2004. Ptr is a normal form of incentive site in the ad network, using ‘cashcrusader’ script which is common in incentive websites. The way ptr runs is, advertisers buys ads from our website, as long as the actions codes or ad content with the basic rules, we will release the ads to members. Members get rewarded for visiting ads. The rules I mentioned, basically just excludes porn, virus, anti-humanity, revenge, etc. Later while all kinds of frauds appear, we added the rule that ads with hidden iframe or something like it will not be released. Almost 90% of these websites are honest with similar rules. These honest ptr site owners are fighting frauds every day. We screen members for their honesty of their nationality, whether members use tools to click ads, whether they use fake information, whether the advertisers added inappropriate information after the ad has been released. So to say, the web owners are the first frontier against frauds.
    But here you claimed, without an understanding, that our website and we are a group of frauds. Are you solely judging on our partners’ nationality being Chinese, or the domain name she registered in? If you just totally have no idea what ptr is I recommended you to wiki it. Ptr is just a platform for releasing ads, just like your affiliate programs, just more basic,more personal and much smaller. The incentive is to reward the visitors directly.
    From your screenshot you say there is problem regarding the traffic. Potential traffic from emails is a way for ptr to promote called “paid-to-promote”. This is a strictly regulated way of promotion. Members generate revenue by purchasing ads and ad spaces with the ids shown in your screenshot. The actual revenue depends on the situation after visiting. To ensure the profit of the advertisers, there is strict screening of sites qualified. There is also screening for the traffic through its members. Members will be suspended once discovered of fraud traffic. I suggest you do some research about this process. There is nothing hiding in these emails. Most of ‘paid-to-promote’ traffics just came through emails.
    Ptr is a very small personal business. We hate frauds more than you do. Frauds can lead to the destruction of the entire industry. I am seriously offended by your claim without even the very basic understanding. Xrayemails is a website that members all around the globe can apply. You could spend a little to register and see how the entire process is running. There are possibilities of we being abused by others, not to abuse others. If your members offer ads at our site, we will release them if their code with our requirements. How on earth do we know if their code with your requirement? We can only enforce our rules within the site, knowing what’s qualified to be released, and release those that have been paid.
    I found your statement of we being just a group of domain registers are very funny. Xrayemails was first founded by and another guy, who now works for Google. He cannot continue because the situation of conduct for his current job. We changed the domain name to the current one in 2007 because the original provider went out of business. What you said to be domain registers do not exist at all. As far as I know, my partner selected a renowned company, not a single person. This provider also serves for many government agencies and business entities. Are you saying those entities that have little web ads are also frauds because they are using this provider?
    Whether you want to believe these or not, it’s inappropriate to denounce other sites based on simple imagination as an account manager. If you are not willing to take back what is incorrectly stated about our website, we have no choice but to pursue legal justice. We will have adequate evidence like records of purchase, records of advertisers, records of changing domain names, and histories of ads offering, including the source of traffic and member promotion information. These will enough to prove the legitimacy of our website, your mistake and acts of vilify.
    I have one suggestion for you. In the future when similar things happen, find a web owner like us and co-work. Don’t just using simple imagination and vilify. If you find someone cheating using the platform of ptr, you should expose it in the industry bbs to inform more ptr web owners, and work together to terminate such acts. Vilify is never a good move. Again if you do not withdraw what was mistakenly stated above, we will for sure seek legal justice. Screenshots have been saved to use as evidence if needed.

    Reply
  • Huang Feilong

    fuck your asshole .ruck .and kill your all family

    Reply
  • Ruck

    Xrayemails – Seek all the legal justice you want. It aint coming down moron.

    @Huang – That’s all you got?

    Reply
  • rileypool

    Haha! Ruck FTW!!!

    Reply
  • Ruck

    I’ve responded to you both:

    http://www.convert2media.com/blog/2009/04/13/frauders-fight-back/

    Reply
  • rlc

    Not only are there freelance jobs offering CPA account approvals but also full websites, eg cpaapproval.com

    Reply
  • jakesmith

    I didn’t know where to post this, but I though you can focus on this for one of your Fraud Fridays.

    So, if you want to fight some real bad stuff, here ya go:

    You need to check out this software called cpaxtreme that’s getting distributed via torrents and downloads. It let’s the distributor get $$ for email submits on countless CPA networks.

    Very, VERY shady stuff!

    Here’s more details….

    ———–
    http://www.pay-per-install.org/buy-sell-trade/4667-cpaxtreme-complete-blackhat-money-making-system-sale-now.html

    ———–

    Video of admin area of the software:
    http://www.screencast.com/users/SornSoft/folders/Jing/media/fc86ead2-57d5-4bf8-8830-69353212de62

    ———–

    Description from owner:

    Features:
    * Custom Installer
    * Client Software
    * Mass Offer Tool
    * Built-In Geo-IP Functionality
    * HBH Technology
    * Ratio Buffer
    * Full Web Administration Panel
    * Full Statistics
    * Custom Referers
    * Page 2 Submissions
    * CTR Ratios (You control the CTR)
    * PG2 Submission Ratios (You control the ratio of PG2 being completed)
    * Free Updates

    What does it do?
    Makes you money, plain and simple.

    How does it make me money?
    Through the system it collects valid email addresses from your users, installs a client software onto their PC that sits and fills out CPA Email submits.

    What are Email Submits?
    CPA Companies,such as Incentaclick, MaxBounty, CPAStorm..etc have certain offers that only require your user to enter a email address into a form, for various thing such as free Xbox 360′s, PS3, Diapers, Cars you name it. Well for each one of these email addresses the advertiser pay you for .80 to $4.00, this is where CPAXtreme take it to the next level.

    Will they find out i’m doing this?
    Chances are no, but with every Black Hat method there is always a risk of having your account banned. However CPAXtreme employs HBH Technology to help keep the numbers looking right.

    What is HBH Techonology?
    HBH is short for Human Browsing Habits, CPAXtreme simulates regular browsing habits for each user, all the while padding your CTR (Click Through Rate/Ratio) enough to not draw attention. Adverage CTR for CPAXtreme is about 10%-20% just about right for normal campaigns.

    Ok How bout some examples of the money I can make!
    I wouldn’t want you to purchase this without some sort of proof, These are my personal testing numbers one network (Incentaclick I ran CPAXtreme from Dec 15-31 2008) and the other I ran from Dec 20-31 2008 (MaxBounty) And here are those number.

    $909.35 total from both networks and this was with me, not pushing it to it’s limits. What are those limits? What ever you set them to be, it’ll make you as much money as you allow it. Plus all depends on your distribution method and your drive to make serious money.

    As you can see in about 1/2 a month the software pays for itself.

    How can I update my offers?
    Glad you asked, as long as the client software is installed on your users computers it is waiting for offers to complete after it runs out of offers it hasn’t already completed. So through the Web Admin UI Panel you can Manage all your offers through there, this includes adding new offers or deleting outdated and canceled offers. It’s super easy!

    Ok so what is the price of the complete system?

    CPAXtreme Standard – $100/mth Subscription AVALIABLE NOW!

    SERVER REQUIREMENTS
    NONE : All hosting is now taken care of for you.

    ———–

    Unbelievable, huh?

    Reply
  • Ruck

    Good lord Jake. I’m going to dig into that post a bit more but a hige thank you for taking the time to put that out there. Wowza man.

    Reply

Leave a Comment

Please Note: Comments will be under moderation after you submit your comments so there is no need to resubmit your comment again