With merely a bad service or product, we might push for a discount or refund, and write some negative reviews about a company at various ratings sites like Yelp. But, when it’s an actual scam artist, it becomes a question of how to reach them in the first place, and then how to do anything that they’d even feel.

In the local search marketing world, many of us have noticed a spate of bad actors who are setting up fraudulent business listings (perhaps even operating under bogus names), and once they’ve lured people into doing business with them, they abscond with fees in return for shoddy service or no service/product whatsoever. So, there are some basic issues around how they are operating with impunity, promoting themselves online (sometimes out-ranking bona fide established local businesses), and then taking consumers’ money with zero accountability.

So, here are some tips we’ve made to help you REACH LOCAL SCAM ARTISTS and even thwack ‘em!  You may not be able to get your lost time and money back, but you may get a little justice or you might be able to declaw these bad guys just a bit so they can’t prey on other consumers as easily.

Tips To Reach Local Scam Artists & Thwack ‘Em:

• Get them de-listed! Is it a bogus local listing in a directory or search engine? In other words, if you drove up to the street address they’re listed under, is there an actual company office there where you can talk to an employee of the business? Bogus listings have been a dire problem where some services like locksmiths are concerned. If there’s no business representative at the place where their online address is listed in Google Maps, Bing Maps, Yellowpages.com, Superpages.com, etc — then, that is a bogus listing. For these cases, contact the search engine or directory site and inform them that it’s a bogus listing.
• Narc on ‘em! If someone is dishonest in one thing, chances are they may be doing other bad stuff, too! Look critically at their website — are they using someone else’s copyrighted text or images? If so, inform the people they’ve lifted content from, and this could get their sites delisted from search engines like Google if it’s reported properly.  The Digital Millennium Copyright Act (or “DMCA” law) allows owners of copyrighted material to demand that sites take down content which has been taken from them.
• Reveal who they are! In times past, all sorts of conmen would set up websites pretending to be someone they weren’t. But, people can’t always hide behind a webpage any more — you should familiarize yourself with looking up domain name registration information. The URL domain name of the website of a scam company might, just might, let you discover the name of the person who set up the business. You can look the URL domain name owner information up at many different “WHOIS” services out there, although I prefer the Domain Dossier provided at Hexillion’s Central Ops. Go there, type the domain name (“example.com”) of the bad company into the search box, then hit return. Under the Domain Whois record, see who it is that is listed under the Registrant information. In some cases, the bad guys will have obscured the info by using some front company to hide who they are. Even so, you can see who is providing the domain registration service for them, and you could use that info to contact them through an attorney’s note and demand that they tell you who is behind a site so that you know who you’re dealing with.
• Complain to their website host! The Domain Dossier also reveals where the website is being hosted. Using this, you can figure out who their ISP (“Internet Service Provider”) is, and you can call them up and complain that the website is fraudulent/criminal. Some ISPs may then determine that the scam company has broken their terms and conditions, and this might result in them pulling the plug on the scam website.
• Check out the IP address of their website’s domain, too! Websites are often co-hosted on a server along with many other websites, so if you search to find out what other domain names may be associated with the same IP address, you might discover other sites and other businesses that the scam artist may be using as a front. Tread carefully with this, though, because they could just be using cheap hosting, and other domains on the same IP address may be completely unrelated to your bad guy.
• Reverse search on the web and in local search engines by the company’s phone number. This may further reveal other businesses that the bad actor is using to take advantage of people.
• Discover the business owner through the local tax office. In many localities, con men obscure their identities through using “doing business as” or “DBA” names, and these may be required to be registered with local tax offices in order for bank accounts to be set up. Contact local tax offices to see what they have filed on business names in order to help you reveal the persons responsible.
• Thwack ‘em with negative reviews! Be sure to rate them negatively in Google Maps, online yellow pages, Yelp, and at the Better Business Bureau. When searching for their type of business or by their business name, carefully look at what pages and sites are ranking. Any page which lists this business might be an opportunity for you to go in and disclose how they treated you and what your experience with them was. In one widely-reported, egregious case, a reprehensible online merchant received numerous bad reviews online, resulting in coverage in an article on the New York Times, and ultimately the owner was arrested and will likely face criminal charges.
• Blog about ‘em! If you already have a blog, write a post with the title begining with the bad business’s name and describe your interactions with them. Honest description of what they did to you could really hurt their bottom line! There are many cases out there of how individual bloggers have taken even major corporations to task, resulting in serious impacts to a company’s business.
• Report them to the authorities! If what they did to you was illegal, report the company to your local district attorney’s office, and to the state attorney general. Ask your local police for suggestions, and report the company wherever they may be operating.
• Take away their phones! In some cases we know of, locals complained to the phone company about a local scam artist that set up multiple, bogus online listings for their business, and the consumer complaints resulted in the bad guys losing their phone numbers. The phone company might be a good resource for getting info on the real names of owners behind the scam company, too.
• Take ‘em to small claims court! Assuming your total dollar amount isn’t too big, file suit against them in small claims court. You might not be able to get them to show up, or even pay, but it can be useful to you if you go through the process to get a judgement against them. You’ll need to’ve found a way to indentify the true company or individual’s name behind the scam company already, though.
• Form a mob! Know others targeted by the same scam artists? Get them to join you in reporting the offenses. There’s not only safety in numbers, but believability and priority. If enough people report the same company, it becomes progressively harder for the complaints to be ignored or neglected.

Using these tips should help you to actually reach the local scam artists, and thwack ‘em where it hurts!

If you have additional ideas for thwacking the bad guys, please add them below in the comments.

Here’s Quova’s description of the innovations:

“Quova’s newly added patent describes a method for determining the geographic location of an Internet user based upon combining trace routes, user registration information, host names with textual patterns that reveal geolocation information and Internet Service Provider (ISP) service area information. These trace routes describe the pathways by which data moves through the Internet. Each node or ‘hop’ in the trace route is identified by an IP address. These interconnected nodes can be used to recreate the topology of the Internet. Each geolocation can then be assigned to these IP addresses in order to determine the location of each node, up to and including the end user’s IP address and the geolocation of that end user.”

I previously have written about Quova in my extensive article, “Geolocation: Core To The Local Space & Key to Click-Fraud Detection“. My earlier description of them reads practically as an endorsement – something I very rarely do at all. But, I think what I wrote is pretty accurate, overall. Quova is considered pretty much best-in-class of the companies providing geolocation data mapping, because of their greater variety of geo data sources, their more sophisticated mapping methods, and because they actually submit to a third-party audit for data accuracy.

As I’ve described previously, there are quite a number of providers out there which try to associate endusers’ IP addresses with geographic location coordinates, but I’ve always been a really huge skeptic of the overall error rates associated with this type of data. In the past there were estimates that geolocation error rates could be anywhere from 50% to 85%! For marketers attempting to precisely target ads and content to geographically cohesive groups, such high error rates were far too high to be acceptable from my P.O.V. five years ago.

For all geolocation data companies, error rates increase as the geotargeting level becomes more precisely granular. In other words, most of these companies likely have very high accuracy for country-level geolocation capability, lesser for regional targeting such as state or province level, less than that precision for city-level, and lowest accuracy for ZIP-code or postal-code level targeting.

I’ve also been highly skeptical in the past because there’s a low ability to actually test how accurate a given company’s data may be — most testing is based on sample sets which I’ve suspected may be highly skewed towards more accurate geolocations. Anecdotal stories of erroneous geotargeting have come up repeatedly throughout the industry, while there are few ways of calculating actual error, and geolocation data companies reiterate unverifiable claims of accuracy rates.

However, innovations such as found in this patent awarded to Quova help in improving the stature of the whole industry, and really help to reassure marketers and security administrators that the data is solid. I can critique testing methodologies for auditing the data, but I get less strident about it when I can see that the methods by which the data was arrived at are improving and are far less prone to error rates.

Since increasing amounts of advertising targeting are being based upon geotargeting, and since so much of our security screening of PPC ads’ click-through results are being based upon geolocation data as a major component of analysis, I think it behooves companies to use very high-quality data. Quova’s historically high price tags have caused some to look for cheap and easy alternatives, but people should be very careful about the methods used by those other companies. In many, many cases, the cheaper alternatives equate with far less sophisticated methodologies, which also equate with higher error rates. And, auditing undoubtedly also adds overhead to the pricetag, but using data that has zero third-party checks will open companies to greater liability.

Most of the cheap companies are using only ARIN network data which has a lower accuracy level than if it was further enhanced by data from major ISPs and network tracerouting.

Except for the simplest applications which do not involve security and fraud analysis, I think that Quova’s industry-leading patents in geolocation make it so that other geodata companies’ products cannot realistically compete in this arena.

Kids playing at a park in Google Street View

A video on the site presents Stacie Runemap, Executive Director of the organization, outlining how Street View shows pictures of neighborhoods, homes, playgrounds, schools and pics of kids. She further describes how Google Maps can be used to plot distances from your doorstep to bus stops and schools, suggesting that child predators could use the service to plan attacks or kidnappings. The site elsewhere describes how to request that Google remove photos from Street View.

It’s not the first time that Google has taken heat for the Street View service. Privacy advocates and individuals have complained about how the service can take pictures that reveal interiors of homes and display activities of people who may wish to keep their activities private. Some towns and individuals have demanded that Google remove pictures of their areas.

Bowing to pressure from the European Union and others, Google instituted a program in May of this year to blur the faces of individuals caught within Street View pictures.

Internet search and mapping systems have long been criticized as potentially useful for stalkers and other criminals. It seems clear that with increased convenience, usefulness and access to information come some level of risks and trade-offs.

Is the Stop Child Predators organization’s concern over Street View truly valid or an effort to get attention by attacking a well-known target? Thus far, I haven’t heard of any incidents of stalking or attacks being enabled by Street View. Further, child abuse statistics state that 95% of victims know their attackers already and most kidnappers are family members or acquaintances — perpetrators who would likely already be familiar with children and who probably already have knowledge of their street addresses, schools and so forth. In this context, focusing concern on Street View would seem to be a bit like closing the gate after the horse has already bolted.

San Francisco playground in Google Street View

I’m supposing that if other organizations join in by expressing concern about pics of children in Street View, Google might have to go further than just blurring faces to blurring out children altogether.

One aspect of search rankings I’ve written about before is the theory of a site’s quality — a “quality score” very likely is applied by Google (and to lesser degrees, Yahoo! and Microsoft Live Search) to quantify how much they may trust a site for ranking purposes and for users’ safety. There are a number of factors which might feed into a site’s quality score (including Google’s human quality auditors’ scoring), and one major factor that could be used might be a site’s Privacy Policy.

Privacy Policy pages are supposed to disclose to users how the data resulting from their interactions with a site might be used by the company operating that site. Simply the fact that a site *has* a Privacy Policy page posted could very well set it apart from a great many “thin-content” domainer sites and other sites of very low quality. Most major corporation websites and Internet Retailer 500 sites sport a Privacy Policy page, so sites which do not offer a posted policy for users to read may be earmarking themselves as being somewhat suspect or of lower quality.

Also, sites which do not offer a “Platform for Privacy Preferences Project” or P3P protocol in page headers or in a file on their site servers might also be indicating a slightly inferior status.

Taking it even a step further, what if there were algorithmic means of detecting whether a site is actually *following* their stated practices in their posted Privacy Policy page and P3P? Certainly, it seems entirely credible that engines like Google, Yahoo! and Microsoft Live who might also have access to email spam reports could compare the frequency of such reports along with the offending notes’ originating IP addresses and domains and see if the websites at such locations have Privacy Policies which seem to be seriously out of sync with what they’re actually doing.

So, for the sake of insuring that your site passes some potential quality scoring assessments, I suggest the following:

• Have a Privacy Policy page, linked from most of your site’s page footers, which humans may read;
• Follow P3P standards by having an HTTP head declaration, or HTML header declaration, or XML file stored at /w3c/p3p.xml on your server so that you’re disclosing your privacy policy in machine-readable format;
• Periodically review to insure your posted policy is accurate;

Increasingly, quality issues are impacting a site’s natural search marketing presence, so keeping a handle on the factors that can impact quality scores is becoming a vital component of search engine optimization.

Some companies are not following their own Privacy Policies, according to this Forbes article published today. That article indicates that many companies’ security and compliance officers are unaware of the actual privacy practices followed by their marketing departments. This indicates to me that there’s also a high likelihood that many companies are likely posting privacy policy pages and P3P files which are incorrect as well.

These companies are courting disaster in terms of negative publicity as well as their rankings in search engines by being out of compliance with their own stated policies.

(Also check out this other detailed article on the subject by Bill Slawski, “Privacy Policies And Search Engines“.)

I previously wrote about NebuAd, and I highlighted that one major hiccup I saw with their business model was consumer sensitivity associated with private data.

It appears that NebuAd is facing the consumer resistance I earlier predicted.

This deal will help make Yahoo! Search results far safer for innocent users clicking through to new sites, and it will likely enhance the comprehensiveness of McAfee security products for all of their software users. Viruses, spyware and other forms of malware are very often tied to internet sites. Some webpages are little more than Trojan Horses, for instance, pretending to be a reputable site, and attempting to lure the unwary into typing their passwords in for banking, credit cards, eBay, etc — all so that the unethical people responsible may steal identities, empty out bank accounts, and charge up credit cards fraudulently. And, there are many other types of exploits tied to internet locations, including sites which start to download invasive software and viruses into one’s computer through the browser interface.

The Yahoo/McAfee partnership appears to me to be very valuable to both parties and to the public.

The deal is also likely to provide something of a cost savings to Yahoo!, I would guess, since it could pave the way towards reducing their costs of working to identify malware sites. McAfee is an industry leader in this sector, and contracting for their services could allow Yahoo to not have to duplicate so many security and scanning types of functions.

When you use the button by entering a keyword phrase and hitting the “I’m Feeling Lucky” button, Google sends you straight to the very first webpage in their results that matches that phrase.

Spammers have apparently found that they can embed links like this one for Natural Search Blog to the Google I’m Feeling Lucky functionality, and their emails will bypass filters that would automatically catch lots of blacklisted and spammy-looking URLs. Email filters allow links to search engine results through because many people may genuinely send such links to one another.

It was just the day before yesterday that I wrote about how a guy was using the I’m Feeling Lucky button to enable some cool linkbait involving Chuck Norris. That was a benign use of the application, whereas using it to obscure links to evil spammy sites would definitely be unethical/black-hat.

So, how will this get fixed? I’d expect that Google may have to lock down their “I’m feeling lucky” functionality so that it only works for users referred directly from the Google homepage, and from the Google Toolbar (if the user has enabled the I’m Feeling Lucky button on the toolbar).

Behavioral ad targeting is nothing new on the internet, and I easily recall it being offered in one form or another as far back as about 1999. In fact, 24/7 Real Media currently offers behavioral targeting through their ad network as just one case in point. So what’s new with this incarnation is the way in which NebuAd collects data to base the targeting upon. NebuAd’s innovative twist on behavior targeting is based upon monitoring individuals’ internet browsing habits through their ISP, essentially seeing all the sites and pages that a user visits.

Other online behavioral targeting models are likely based upon ad networks cookieing users on all the sites where the ad network runs ads. This may leave a lot to be desired, since users are likely visiting a great many sites outside of the ad network, leaving them a little in the dark as to what the users may be up to currently — if a user only visited one or two ad network sites, there could be insufficient context to really make any sort of behavioral assumptions. NebuAd’s data collection method may provide them with the ability to more accurately target ads for far more site visitors.

NebuAd has already partnered with a few ISPs like CenturyTel to get access to their subscribers’ surfing data. NebuAd uses a sort of network appliance hardware to sniff out the sites/pages that users are requesting through their ISP’s network operating centers.

The few weak links I see in NebuAd’s approach are (1) the sensitivity associated with online privacy, (2) their dependence upon persuading sufficient numbers of major ISPs to cooperate with them, and (3) users coming in from ISPs which are not data partners of NebuAd, making them harder to profile.

On the privacy issue, NebuAd claims they do not generate a database that could be leaked or subpoenaed, since they encrypt user-identifiable data like IP addresses in a one-way hash. It all sounds good, but as consumers we just have to trust them that this is all handled well, and it only takes one server to be misconfigured and IP data starts getting logged.

The subpoena bit is just PR-spin, too, since a government agency or lawyer can still hit them with a subpoena to fish for anything that might accidentally be there.

Just a few years ago, DoubleClick bought Abacus Direct, intending to mashup online browsing with offline purchase habits in order to enable greater behavioral targeting. There was such intense public outcry over privacy concerns that DoubleClick felt compelled to halt the integration of the Abacus data. So, it nearly doesn’t matter if NebuAd does safeguard privacy well enough — if people are creeped out by having ads appear which seem to know what they’re up to, they might lash out at the advertiser, the ad network, and maybe even their ISPs.

On the second issue, will NebuAd get enough ISPs to partner up with them? They’re apparently already partnered with a number of ISPs, thought they won’t say who. This makes one suspect that perhaps those ISPs could be keeping the behavioral profiling a secret from their subscribers — something that would appear to run against the NebuAd pro-privacy stance.

NebuAd says that they require ISPs to allow users to opt-out of the profiling, but ISPs frequently bury subscribers under reams of privacy terms and conditions fineprint to the point where few subscribers can actually figure out what’s done with their data.

Many users are browsing the internet from work or school, and I suspect that corporate and educational networking departments will be unlikely to participate by providing NebuAd with their users’ data. So, there could be a substantial number of users that NebuAd will be unable to profile and target.

Still, all things considered, NebuAd may have built a very compelling business proposition — they could be positioning themselves to eventually be acquired — they’d make a very attractive advertising component if coupled with various other targeting technologies like geotargeting, demographic targeting, keyword targeting, contextual advertising, etc.

Here’s one suggestion I have: allow users to personalize Google so that if malware’s been detected, the links don’t appear in the SERPs at all. You could set this as a default setting for all users, and then allow those who desire unscreened results to just opt out of that.

If you’ll ban sites for getting overly aggressive at optimizing themselves to be found, why would you keep sites that may be deploying software to make zombies out of user’s PCs?

The request to help is one more good method for fighting malware, especially since sites can start deploying malware at any time, even right after Google has spidered them. However, I’d still be interested in hearing why a number of apparently legacy black hat tricks were able to work in the first place, which enabled this particular attack to have some teeth.  Just last week, Matt Cutts noted another case of easy black hatters which they’ve recently caught.

Zalewski has an established history of exposing security holes in various software products, particularly the Internet Explorer and Firefox browsers…

I can’t help but wonder if they could be wanting him specifically to help vet a Google Browser. As you may recall, there’s been supposition for years now that Google could be looking to build their own browser. Although Google executives have previously demurred, saying they would only build a browser only “…if we thought there was a real user benefit,” whois records show that they must’ve considered that very possibility since they registered a domain name for “gbrowser.com“.

Of course, Zalewski’s talents could be intended to be used on any of a number of other applications such as the Google Toolbar.

We can’t completely escape the fact that having their own browser could be very advantageous and complimentary to their various other products and initiatives, particularly as they are now competing overtly with the various products from Microsoft.