Probably the most common Olympic Games 2012 scam is that of unofficial ticket sales. No great surprise there, but the fact that Google appears to be in on the act might come as a shock to many. So what, exactly, is going on?
A little known law in the UK is, and I kid you not, the 'London Olympic Games and Paralympic Games Act 2006' which, amongst other things, makes it a criminal offence to sell tickets for the Olympics without the explicit permission of the authorities running the Olympics 2012 event. Yet when the BBC investigated how easy it was to get just such unauthorised tickets earlier this year, what it discovered was that unofficial ticket vendors and cybercriminals alike were exploiting Google AdWords and the use of multiple backlinking URLs to do just that.
Most end users do not actually care if the source of the tickets they are buying is authorised or not, to be honest, but perhaps they should. The allure of getting the ticket for an event you want to watch, at any cost, is a strong one. But that cost could turn out to be way higher than expected, and I'm not talking about the difference between face value ticketing and the selling price from a ticket tout for want of a better word. There's also the cybercriminal angle to take into account as Carl Leonard from the Websense Security Labs points out:
"We're used to cybercriminals jumping on the latest events to fool people into clicking on malicious links and the Olympics is no different. The excitement around ticket sales for this major international event has prompted scammers into action. Cybercriminals have sponsored ads in Google that can lead to sites containing around 500 backlinking URLs. These links have been found to lead to anything from adult material, gambling and malware."
The main problem here is the usual one when it comes to online scams of any sort, namely the transference of trust. While the average punter may not be too keen on buying tickets from a website called Fred's Olympic Tickets or similar if they got a flyer through the door or saw a poster on a wall advertising said dealer, when a Google search not only throws up that link but does so right at the top of the list of hits in the form of an advert then that same user feels the link has somehow been legitimised by Google, even to the point of making the incorrect assumption that the seller has been approved by Google and is therefore trustworthy.
Nothing could be further from the truth of course, and Google is keen to confirm this by pointing out that Google "is not responsible for" nor able "to monitor the actions of each company" and Google AdWords only "provides a platform for companies to advertise their services" and nothing more.
What Google does do, however, is use an automated filtering system that checks for keyword abuse and other methods that are used by SEO poisoners in an attempt to inflate the adverts quality score and push it up the rankings to appear right at the top of any search listing. Those ads that are flagged by the automated filtering system will get manually checked and removed if found to violate Google AdWords policy, but this process can take many days during which time the advert still sits at the top of the ratings and still attracts hits for the scammers.
I use the word scammers with good reason; many of the Olympic ticker sellers that Websense investigated, for example, were found to have multiple backlinks which suggest that they had been widely spammed. One site had 500 backlinks with malicious embedded links and potentially unwanted software amongst them, another had 375 backlinks with 104 of them pointing towards objectionable content. It is obvious from this that the bad guys are using the scramble for Olympics 2012 tickets in order to make money from backlinking as well as selling tickets, assuming that any genuine tickets were actually available in the first place.
The only way to check that the tickets you are about to purchase are authorised, official and likely to actually get you access to the Olympic Games 2012 event that you think they will (and unauthorised ticket holders will simply be turned away from the turnstiles on the day) is to use the official Olympics 2012 Ticketing Website Checker .
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .
Not every 'keyword abuser' is a cyber scammer. I was reminded of the cute trick the Huffington Post used last year to gain traffic for the search "What Time Does The Superbowl start?" Obviously not as abusive as setting up sites to steal money from Olympic ticket buyers, but the NFL wasn't amused by it. They made sure that they came up first when you typed that phrase this year: