Appendix C: Fake Link Requests
My name is Kelly: or How to Prey on People’s Vanity and Love of Children and Good Causes
On October 8, 2013 the following email arrived at the TeachEngineering project:
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Tuesday, October 08, 2013 2:38 PM
Subject: feedback and a thank you for your green info
Good Evening –
My name is Kelly. I work with kids in a youth activities program in Montpelier, Vermont. Recently a lot of questions have come up about ways we can help the environment and decided to do a project on eco-friendly transportation. At the end of our project we’re going to compile everyones research into a packet to be distributed to earth science classes this fall. This morning I came across your page xxx and wanted to thank you. It has some good information ways to reduce your impact on the environment that we’re going to include in our packet.
My junior counselor Julianne, also found a site that has some great information on eco-friendly transportation and alternative fuels (automotivetouchup.com/touch-up-paint/green-is-more-than-a-paint-color-for-cars); would you mind adding it to your page if it’s not too much trouble? It has some great resources not listed on your site and I’d like to show Julianne and her professor that her hard work is paying off.
Let me know what you think and if you get a chance to update. Enjoy your week.:)
On first inspection, this email seems perfectly legitimate. It is polite, friendly, flattering for sure, and it sounds quite convincing. Moreover, the return email address looks bonafide, the reference to a TeachEngineering lesson is perfectly integrated into the text and the link requested to be included in TeachEngineering looks innocuous and to-the-point. Indeed, this must surely be one of the more clever attempts at infiltrating a website. One of us even admits that he fell for it until a colleague pointed out that we had encountered a similar attempt at infiltration before.
So what is the problem here? Very little, on the face of it. But what if the request to include the link is merely an attempt to sneak an advertisement onto our pages? Or worse: what if the content to which the link points now, is changed to something a lot more nefarious once the link is included on our pages?
Inspecting the link automotivetouchup.com/touch-up-paint/green-is-more-than-a-paint-color-for-cars (at least at the time of this writing) shows a page with seemingly innocent materials and text referring to electrical and hybrid cars. However, it also contains links to paint products and links to pages which themselves contain links to products; i.e., materials visible to a spider/crawler.
So, we decided to look just a little deeper and try to figure out who or what ‘Kelly’ is. Kelly’s email comes from enrichingkids.com, so we pulled that up in our browser.
Again, this looks innocent enough. But then, when we start pulling up some of the ‘tab’ pages, we note that although the data and information on the tabs is innocent, they contain very little if any information: no mission statement, no terms-of-use policy, no ownership or organizational information. Nothing, really. Just placeholder sentences such as “We strive to provide lifelong learning opportunities and are pleased to have the opportunity to work with you and your children.” True, the ‘Resources’ page points to about 30 seemingly legitimate resources, but these are all elsewhere on the web and not owned by enrichingkids.com. Of course, most of the links on Google’s search pages also point to materials not owned by Google, but then again, Google does not ask us to be linked.
So it seems that enrichingkids is either a legitimate, though rather clumsy web site, or it might be a dummy site meant to convince those who do not immediately trust that Kelly indeed works hard for kids.
But who or what is enrichingkids.com really? Who, for instance owns the domain name? A quick ‘whois’ search yields the following:
Domain Name: enrichingkids.com
Creation Date: 23 Jun 2000 19:08:00
Registrant Name: WHOIS AGENT
Registrant Organization: WHOIS PRIVACY PROTECTION SERVICE, INC.
Registrant Street: PMB 368, 14150 NE 20TH ST – F1
Registrant Street: C/O ENRICHINGKIDS.COM
Registrant City: BELLEVUE
Registrant State/Province: WA
Admin Email: HDDQCHRX@WHOISPRIVACYPROTECT.COM
This is where the plot thickens. HDDQCRX is a strange email name, so who or what is WHOISPRIVACYPROTECT.COM (WHOIS PRIVACY PROTECTION SERVICE, INC)? Pulling it up in the browser gives the answer: “Whois Privacy Protect offers a premium service to domain name registrants to protect their personal information from being displayed in the public Whois database.”
Here again, we have no proof that Kelly is not at all interested in kids and merely fishing for ad exposure (or worse). After all, domain name owners may have good reasons to hide their identity from the public. But by now we have encountered just a few too many items of non-information. ‘Kelly’ has no last name and does not identify herself in the email. The “youth activities program in Montpelier, Vermont“ is not identified. Neither are Julianne or her professor. The enrichingkids.com site has no real information and has all the characters of a dummy or ghost site. And the domain name’s owner is hiding him/her/itself behind a whois-masking service.
Clever, for sure. Actually, quite a bit cleverer than the Nigerian offering you millions in exchange for a small donation. Just not clever enough, though …and plenty sleazy.
Unfortunately, these fraudulent attempts at link intrusion, possibly because of their cleverness and resultant success rate, are increasing in frequency. Below are two more examples. You might want to track down the origin of the emails and see what you find there! Pay close attention to linguistic clues in the messages. Whereas the spelling errors (typos) may lend a sense of authenticity to the emails, the grammar errors are a clear sign that something is amiss. Similarly, nonsensical references such as Sheryl’s “simple machines field trip” reveal their fraudulent nature.
Sent: Wednesday, March 21, 2012 8:12 AM
Subject: Suggestions and Compliments on your site, www.teachengineering.org!
Good morning & Happy Spring!
My name is Heather and I teach at Cleary Mountain Elementary School in Virginia. I wanted to take a few minutes to write to you because my students and I found your webpage xxx very helpful! We have been using your resources as a reference for our Recycling project in class!
My student, Erika, has been using another page that was very helpful that she brought to my attention:
“Environmental Concerns – Recycling”
I was wondering if you would mind adding it to your page? We both thought it would be a perfect addition to your collection of resources and I know that Erika would be delighted to see her suggestion up on your page!
I have also decided that Erika will be receiving bonus points on her next test for her newly discovered resource so thanks so much for contributing to her eduction! 🙂 We look forward to hearing from you and thank you again!
From: Sheryl Wright [mailto:firstname.lastname@example.org]
Sent: Wednesday, February 13, 2013 7:40 AM
Subject: a quick thanks for your helpful simple machine resources… 🙂
I just wanted to take the time to contact you and let you know that my classmates and I have really enjoyed using your page xxx for our simple machines field trip and projects. My teacher, Mrs. Wright, thought it would be nice if we wrote you a thank you note (using her email) to let you know that it’s been such a great help for us 🙂
As a small token of our appreciation, we all thought it would be nice send along another resource that we came across during our project: http://www.directfitautoparts.com/simple-machines-used-in-autos.html It has some helpful information and sites to learn all about simple machines (wheels, axles, levers, pulleys, etc.) that we thought could help other students as well.
And if you decided to add it to you other resources, I’d love to show Mrs. Wright that the site was up to share with other students learning about simple machines 🙂
But thanks again for your help! And I hope to hear back from you soon.
Emma Hanley (and the rest of Mrs. Wright’s class)
On Behalf Of teachengineering (noreply)
Sent: Tuesday, August 16, 2016 11:25 AM
Subject: Contact Us Feedback
Name: Morgan Konarski
Hi there, I just wanted to send you a quick email on behalf of my son Christian. Christian is currently participating in “Camp Grandma” while my husband and I are at work. While at “Camp Grandma” my mother tries and finds fun things for the two of them to do during the day that are both fun and educational. This week, my mother decided to teach Christian all about STEM and the opportunities kids have in all of those subjects. Christian has said he’s always wanted to be an engineer, so my mother has been trying to find fun games and resources for them to check out. Christian was so excited and fascinated that he insisted on doing research of his on last night on engineering and careers in this industry. He came across your page https://www.teachengineering.org/k12engineering/what and told me how helpful and easy to understand your page was. As a mother, I just wanted to thank you for making it and your help in encouraging my son with your resources. He also came across this great article with a lot of info about STEM careers, engineering basics, and full of STEM resources. Christian thought it might be a great addition to the links and resources on your page. Here it is if you wanna check it out “Computer and STEM Careers for Kids” https://www.vodien.com/blog/education/computer-stem-careers.php Would you consider adding it for me? I would love to surprise him and show him that his research will help other kids learn all about STEM in a fun way! Thank you so much, Morgan Konarski
- The cases described here were recorded over several years. Although they are true recordings, recreating or following them might not be possible anymore since fraudulent individuals and endeavors frequently change their identity and hidings. Also, some of the domain names associated with these attempts have changed ownership since we recorded these attempts. ↵