"I just clicked the first result when googling 'ESTA application'. It looked pretty official, but it's hard to tell because the real ESTA site looks really bad as well," says one holidaymaker of the online form you need to fill out to visit the USA. "[In hindsight], the site was obviously made to fool those who don't know better."
Think this guy is stupid and you'd never be duped? Don't count on it. Operating copycat government websites has never been so lucrative, and the people running them have stepped up their game. Plus, while fakes are relatively easy to spot if you know what you're looking for, most people really don't know what they're looking for.
On Tuesday, six people received combined sentences of more than 35 years in prison after being convicted of scamming UK consumers out of over £37 million. It was one of Britain's biggest ever online crime cases, and one of the first successful prosecutions of a copycat operator.
The fraudsters ran a network of phoney sites mimicking official services like the US Department of Homeland Security and the TfL Congestion Charge page. Hundreds of thousands of unwitting consumers paid vastly inflated prices for driving licenses, passports, visas, car tax discs and birth and death certificates. Sometimes people received the service, while on other occasions they got nothing.
But how did they get away with impersonating these websites for so long?
National Trading Standards, the consumer protection agency, has previously accused Google – the search engine that goes by the motto "Don't be evil" – of profiting from crime by letting fraudsters pay to place their websites at the top of search results. The tech giant has an army of affiliated "partners" who sell ads on the platform and direct traffic to businesses.
"One of the methods sites like these use is domain cloaking, to get its ads approved by fooling Google's bots," says Steven, a digital marketer and Google partner who was recently offered hundreds of thousands of pounds by fraudsters to run a multimillion pound ESTA scam on their behalf. "Fraudsters approach people like me because I have loads of old Google Ad accounts, and my ads are not subject to the same checks that new accounts are. Google will catch on within a few weeks, but you could churn [out] a lot of ads and make a lot of money before they do."
Online advertisers can manipulate the results you see in accordance with the keywords you search for, which can force terms like "ESTA renewal" up Google's paid-for search results. Soon enough, you're employing a phoney site to do your paperwork and assist you with accessing certain services.
A Google spokesperson said: "To protect people from harmful and misleading ads, we have a set of policies which govern what ads we do and do not allow on Google. Our misrepresentation and untrustworthy promotions policies makes it very clear that we do not allow the promotion of sites or services that conceal or mis-state information about the business, product or service. If we discover sites or services that are in violation of this policy, we will take appropriate action."
"Obviously I was tempted [to work with the fraudsters] at first – £100,000 a month is no small change. But in the long run my reputation is more important than making a quick buck," the digital marketer and Google partner tells VICE. "I don't really want to scam people anyway."
Claire Hall, one of the convicted fraudsters, clearly didn't care about scamming people – she was preparing to pay £1,400,000 in cash for a new house when the authorities stepped in.
"This was a crime motivated by greed," says Mike Andrews from the National Trading Standards eCrime Team. "This group defrauded people so they could enjoy a luxury lifestyle. They showed no regard for the unnecessary costs they imposed on their victims – I would say they treated them with contempt."
So how do people fall for these copycat websites?
"The services targeted by the scammers tend to be urgent or important to people – like a need to renew a passport or an EHIC [European Health Insurance Card] prior to booked travel," Professor Jonathan Freeman, founder and managing director at i2 media research ltd at Goldsmiths, University of London, tells VICE. "The urgency and importance of the focus may tend to inhibit people's scepticism, and might focus even relatively internet savvy people to trust sites that aren’t legitimate. For something important, a payment is more likely to be perceived as reasonable, and concerns about not being able to travel may outweigh any concern about the legitimacy of the site or payment request.
"Next is probably that we are all so used to relying on and trusting internet search results, especially if the sites returned in the search results look convincing. And, of course, another fundamental reason is likely to be a relatively low internet savviness of people who engage with the scam websites."
People may be becoming more at ease with a mouse in their hand, but as the remnants of the analogue age are increasingly swept online, it's inevitable that some people still won’t have a clue.
"The internet is now the most frequently used marketplace," said Judge Sean Morris, as he handed down his sentences while presumably reminiscing about the good old high days of the British high street. "It is full of busy people in a rush who don't have time. It's a tool used by everyone for buying train tickets, holidays, cars, visas, and it involves millions of mouse clicks a day."
Thanks for the info and for keeping us safe online, your honour. Oh, and in case you're wondering –here's the legitimate ESTA website.