Trust but verify: understanding online seals of approval

Most of us know by now that the online world is full of fakers: phishing sites set up to look like your bank’s, come-on emails filled with nasty links that will turn your PC into a zombie for someone else’s control, disinformation Web sites for pleasure (such as the fake accounts for BP and AT&T Wireless on Twitter that have recently been created) or pain (such as fake sites supporting particular candidates that were created by their opponents).

So, when you go online to buy something or get expert advice, you probably know the drill by now. Don’t click on any link that someone emails you, bring it up and type it in your browser yourself. Look for a secured site with HTTPS if money is changing hands. Find a trusted seal at the bottom of the page. Check on a domain’s whois information to see the actual site owners that are registered. Check your browser to make sure it has been set on stun to warn you when you visit a phishing site.

Oh, for those easy days in the mid-1990s when the net was so naïve.

Despite all these efforts, you can still find untrustworthy sites that meet all of the above criteria. And it isn’t just because of the internal (and eternal) cynic in me, but because there are lots of folks out there that want to grab your clickstream or try to take advantage of you in some very subtle ways.

For example, look at DrugWatch.com, a site that has information on all sorts of drug interactions that my sister sent my way last week. It looks legit, it has a seal of approval from some Swiss entity called Health On the Net (hon.ch) and they even have more information about who actually owns the site, a Florida law firm.

My antennae started quivering as soon as I started scrolling around. I had never heard of this seal of approval, and was suspicious. I mean, Switzerland? Hmm, law firm, let’s Google them, and we find out they have been in the lead on a lot of medical liability issues. So they assemble this site on drug interactions, have an open phone line for people to call, and collect potential litigants for lawsuits. Oh, and they have obscured their whois information too.

I haven’t spent enough time on Drugwatch to determine if it is net net good or bad. But what is clear is that the entire online medical world is a true snake pit, with many nasty surprises that lurk, even for a rather aware and cynical sort. As another example, let me pose two questions and see how you answer them:

  • First, how many legit online pharmacies are there that will sell you medicines that you can trust?
  • Second, how many others are out there that are fakers?

The answer to the first isn’t that hard to figure out. You go to vipps.nabp.net and enter the URL to verify. There are less than 30 of them. When I did a report for MarkMonitor, which looks at domain reputation management among other things, I was surprised to find this out. The total number of fakers is in the hundreds, if not thousands by now.

Yes, there are some good programs that try to keep up with the bad guys by providing independent seals of approval, such as from the Better Business Bureau or Truste. But even if the site uses a real seal of approval, it can be a case where they are trying to trick you. Te Smith from Markmonitor told me: “Fraudsters are clever. They have been known to post ‘seals’ on their own sites, sometimes even generating pop-up windows that supposedly show the ‘official site’ when the consumer clicks on the link. In these cases, of course, the pop-up is taking the consumer to another area of the fraudster’s site where info about the seal is being mimicked.”

In the final analysis, it pays to be a skeptic. Yes, we all cite Wikipedia as if it were the World Book Encyclopedia, but there are some times when it isn’t true. (Shocking, I know!) And Snopes.com makes for some interesting reading of dozens of old Internet chestnuts that keep coming back in my email, year after year. (That formerly sick kid is still getting so many business cards that the post office no longer delivers them.)

Smith and I both subscribe to the theory that says trust but verify. Because you can’t be too careful.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s