[David Strom's Web Informant] 28 June 2010: Trust but verify: understanding online seals of approval

David Strom david at strom.com
Mon Jun 28 08:05:43 CDT 2010 

Web Informant 28 June 2010: Trust but verify: understanding online
seals of approval

Most of us know by now that the online world is full of fakers:
phishing sites set up to look like your bank's, come-on emails filled
with nasty links that will turn your PC into a zombie for someone
else's control, disinformation Web sites for pleasure (such as the
fake accounts for BP and AT&T Wireless on Twitter that have recently
been created) or pain (such as fake sites supporting particular
candidates that were created by their opponents).

So, when you go online to buy something or get expert advice, you
probably know the drill by now. Don't click on any link that someone
emails you, bring it up and type it in your browser yourself. Look for
a secured site with HTTPS if money is changing hands. Find a trusted
seal at the bottom of the page. Check on a domain's whois information
to see the actual site owners that are registered. Check your browser
to make sure it has been set on stun to warn you when you visit a
phishing site.

Oh, for those easy days in the mid-1990s when the net was so naïve.

Despite all these efforts, you can still find untrustworthy sites that
meet all of the above criteria. And it isn't just because of the
internal (and eternal) cynic in me, but because there are lots of
folks out there that want to grab your clickstream or try to take
advantage of you in some very subtle ways.
For example, look at DrugWatch.com, a site that has information on all
sorts of drug interactions that my sister sent my way last week. It
looks legit, it has a seal of approval from some Swiss entity called
Health On the Net (hon.ch) and they even have more information about
who actually owns the site, a Florida law firm.

My antennae started quivering as soon as I started scrolling around. I
had never heard of this seal of approval, and was suspicious. I mean,
Switzerland? Hmm, law firm, let's Google them, and we find out they
have been in the lead on a lot of medical liability issues. So they
assemble this site on drug interactions, have an open phone line for
people to call, and collect potential litigants for lawsuits. Oh, and
they have obscured their whois information too.

I haven't spent enough time on Drugwatch to determine if it is net net
good or bad. But what is clear is that the entire online medical world
is a true snake pit, with many nasty surprises that lurk, even for a
rather aware and cynical sort. As another example, let me pose two
questions and see how you answer them:

First, how many legit online pharmacies are there that will sell you
medicines that you can trust? Second, how many others are out there
that are fakers?

The answer to the first isn't that hard to figure out. You go to
vipps.nabp.net and enter the URL to verify. There are less than 30 of
them. When I did a report for MarkMonitor, which looks at domain
reputation management among other things, I was surprised to find this
out. The total number of fakers is in the hundreds, if not thousands
by now.

Yes, there are some good programs that try to keep up with the bad
guys by providing independent seals of approval, such as from the
Better Business Bureau or Truste. But even if the site uses a real
seal of approval, it can be a case where they are trying to trick you.
Te Smith from Markmonitor told me: "Fraudsters are clever.  They have
been known to post 'seals' on their own sites, sometimes even
generating pop-up windows that supposedly show the 'official site'
when the consumer clicks on the link. In these cases, of course, the
pop-up is taking the consumer to another area of the fraudster's site
where info about the seal is being mimicked."

In the final analysis, it pays to be a skeptic. Yes, we all cite
Wikipedia as if it were the World Book Encyclopedia, but there are
some times when it isn't true. (Shocking, I know!) And Snopes.com
makes for some interesting reading of dozens of old Internet chestnuts
that keep coming back in my email, year after year. (That formerly
sick kid is still getting so many business cards that the post office
no longer delivers them.)

Smith and I both subscribe to the theory that says trust but verify.
Because you can't be too careful.

Retweet this: http://bit.ly/bU3F1v

More information about the WebInformant mailing list