While standing in the checkout line at Whole Foods last week I overheard a conversation between the woman in front of me and the gentleman clerk at the cash register. "I sometimes get emails from grocery stores for discounts on products that I always use, but I don't understand how they know I need these items," she says to the store clerk. He replies, "You don't know the half of it."
Do I blurt out how the grocery stores know, or do I let the
two complete their conversation and part ways? They smile and say their goodbyes. I bite my tongue and hold my breath for 60 seconds, which I rarely do, to keep from trying to explain the complicated
scenario she simply describes.
As a reporter, I teach. I try to present the facts and allow readers to make decisions based on information and data. On very rare occasions I just want to
put my head in the sand like an ostrich and pretend I don't know. Pretend I don't know that Google, Microsoft, Yahoo and other email service providers scan emails for specific words so they can
target you with "relevant" advertisements. I pretend I don't know that Google links these email keywords to search queries across desktop and mobile when someone signs into their account.
I've been a huge proponent of online purchases, but I'd rather not know about all the malvertising going on. I would just rather the industry develop ways to stop it and protect consumers.
When I see all the reports of phishing and malware across email, search, display and video, I begin to think twice about visiting publisher sites, clicking on advertisements, and buying products online.
Last evening I received a note from Malwarebytes that Realtor.com became the latest victim of malvertising. Jerome Segura, senior security researcher at Malwarebytes, says the same attackers behind other recent high-profile malvertising attacks on eBay are behind this one too.
Citing SimilarWeb, Segura says realtor.com ranks third in its category with an estimated 28 million monthly visits.
Rogue advertisers have put a lot of effort into making ad banners look legitimate by promoting real products or services. The use of SSL to encrypt Web traffic is becoming more common in the fraudulent ad business, and that only makes tracking fraud more difficult.
Here is some good news for publishers and consumers that I also heard: Fraudlogix, a provider of traffic monitoring solutions, is issuing their Register of Top Performers, which singles out publishers who fight and beat advertising fraud. The sites on the list had a maximum of 6% non-organic paid traffic, or 94% organic traffic.
With Fraudlogix's technology scoring sites between zero and five, with zero denoting the lowest percentage of fraudulent traffic, all of the Top Performer sites had a score of zero. Some 500 sites were selected at random from those that fulfilled the criteria. The top-performing sites are listed here.
What's my point to all this? Spread the word. Educate others. Share what you know even if the listening party's eyes gloss over in confusion. Sooner or later they'll get it. It's the only way to clean up the mess and keep online purchases and browsing safe. (Thank you for your time and allowing me to rant.)
Having worked in the consumer packaged goods/supermarket/drug store category, I know something about how supermarkets and mass merchandise stores link in-store purchases to personally identifiable information, although I can't speak for Whole Foods specifically. Companies like Catalina Marketing have for years collected the product/sku information from point of sale terminals at check out. When you swipe your loyalty card, which already contains your name, address, city, state, and zip and email address, this personally identifiable information is then linked to your product purchases, and companies like Catalina Marketing then send you promotional emails or direct mail based on your actual consumption, or predicted consumption patterns