Flour Power

The Green Dragon resting at the Galway docks.

I did it. I managed to get a post to be the first Google result for a couple of search terms. And I did it 3 times, for 3 different posts, in 3 different days.

At first this sounds something really hard to do. And I guess it is, in normal situations. But on this occasion a couple of factors contributed to make it possible. And quite easy. Here’s what happened.

It started when I received a Facebook message urging me to visit some website. The message had no description of the site, and the website address was a bit obfuscated. I immediately knew it was a scam, and deleted it promptly. Later that day I got another such message and thought I might as well post it here on my blog as a way to warn people to not visit that website. To my surprise, this is what I saw just a few hours later:

At first I was convinced it was some kind of bug, but upon looking at the most visited pages I saw which one was the “culprit”. I noticed a huge amount of visitors coming from Facebook and Google and went on to confirm that post was the first Google result if you searched for the contents of the Facebook message.

So, what happened? Apparently Google’s crawlers can be really fast sometimes and my post was indexed almost as soon as it was posted. With the Facebook scam in full throttle, thousands of people were receiving the same message. A lot of them probably did like me and deleted it immediately, but many others googled it (some before and some after entering their Facebook credentials on the site). At the same time the link to the blog post was being passed around on Facebook, meaning even more visitors. With a lot links for it from Facebook, the page became the #1 Google result, and that resulted in a lot of visitors, and eventually some more links to it, making the position even stronger.

Now, guess what I did when, 2 days later, I received a similar message? Yes, I posted it as well, and lo and behold, the visitors started pouring in again.

By the time I got a third message, just 1 day later this time, I knew that I could do it again. This time I took a slightly different approach and instead did a list of the pages that are conducting this Facebook phishing scam. Sure enough, the post got another wave of visitors.

At the time of writing of this post, the avalanche is dying down, but I’m still getting way more visitors than normal. And the original post is still the most visited, although it’s not #1 in Google anymore.

In my opinion, there were a few very important factors that made this possible. First, and maybe the most important, was the fact that I was probably one of the first to post about it (lucky me for having technologically gullible friends). How Google found it so fast I don’t know, but when people searched for it, this blog was the only one talking about it and so it showed up right at the top. Second, the Facebook message hit a huge amount of people in a short span of time. As I saw someone commenting, it must have been because it was weekend and there were less Facebook employees “policing” the site, and it took some time until such messages started being blocked.

The results? About 6500 visitors in the first hour and a total of 35.221 unique views on that first post until now. The whole thing (the 3 posts) produced almost 50.000 page views during the last 5 days. The number of RSS subscribers shot up from 28 to 120 on that first day, and has now come down to about 50, which is still a good improvement. The revenue from the ads is enough to buy a couple of pints.

Now I hope I can do it again sometime soon. Will try to get myself prepared so that I can get a higher visitor retention rate, and better clickthrough rates on the ads.

My video reporting of the Volvo Ocean Race in Galway continues with a couple of videos of Lucia Evans‘ performance at The Topaz Main Stage in the Galway docks yesterday (May 26). A very windy night, as you can see and hear in the videos, but that didn’t keep everyone at home, and the turnout was quite decent. Nothing like the previous day, though.

Well, it really seems like a new site trying to steal people’s Facebook credentials shows up every day. The .at and .be domains were attacked last week and this week the target seems to be the .ru domain. Yesterday I got a message to visit vingers.ru, and today the attack is coming in the form of nanoraw.ru. The Facebook message is similar: “Hello” for the subject and “nanoraw(insert dot)ru”.

Here’s the list of sites that have been spotted as part of this scam so far:

• afoi.ru
• areps.at
• bests.at
• bestspace.be
• brunga.at
• goldbase.be
• greenbuddy.be
• indigoline.be
• kirgo.at
• mymarket.be
• nanoraw.ru
• nutpic.at
• picoband.be
• ponbon.im
• redbuddy.be
• redfriend.be
• silvertag.be
• simplemart.be
• sweeter.be
• vingers.ru
• whiteflash.be
• whitemart.be
• yospace.be

Instead of making a new post every time a new scam site shows up, I’ll instead update this list as soon as I find a new one. So you can bookmark this post to keep safe.

I’ve also noticed that the sites only work the first time you access them, and return a 404 Not Found error in subsequent requests. I’m guessing this is some kind of attempt to hide from the victims.

These have to be the World’s dumbest criminals. Watch how two burglars try to break into a shop and end up knocking themselves out. Hilarious!