[updated – CARDILLY is FRAUD and NOT a legitimate business – Gift Cards NOT Received, Cardilly Security Certificate has been REVOKED.


DO NOT USE Cardilly.   GeoTrust has revoked their certificate.    Cardilly is a scam.

These clowns went under the name of “SG Marketing” operating via a bank probably in Etobicoke, Canada.     Note that there appear to be some places named “SG Marketing”  that are legitimate as well as the fraudulent Cardillians.

In December 2011 I’m informed by Citi Cards that they have permanently credited me back the $100.   I’ve sinced cancelled this card as well.

[well, it’s been about two weeks since they reported my order “shipped” and it’s not here, so I’m reporting Cardilly to the fraud department of my credit card company].

Still pretty confused about how blatant they have been with this approach, and not clear how they expect to make money, but certainly this is not a quality business and it’s probably a scam.

Yes, something seems very VERY fishy about Cardilly, but it also seems odd that scammers would be so persistent in the face of so much negative buzz.   How are they doing to avoid the fraud departments of all the credit card companies of the people they are scamming?     My tentative guess at this time is that this is a somewhat questionable  “gray hat” business, perhaps testing out something to see how it flies.   At worst I’m guessing they are sending out stolen or hacked discount cards.

I have yet to see somebody report they received their cards – definitely a red flag – but Cardilly has only been in biz for a month or so.  They seem to be using a Groupon style model which *might* explain the great deals.   Since they limit the number of cards per day it

As I noted in the earlier post Cardilly is either a scam or a very odd way to get huge, but negative, buzz for a new business.     Although many online are stating this is a scam, it appears to be a fairly profitless one since all these online charges are via Credit Cards and they’ll all honor chargeback rules.

I called Capitol One who advised me to wait to file any fraud actions until I fail to receive the promised cards – then they said they’d happily refund my money and initiate a fraud action.

I’ve inquired about my order status  (I “bought” two $100 Wal Mart gift cards for $50 each last week).    Cardilly replied:

—————-

Hello,

Orders take 2-4 weeks to arrive. That’s 2-4 weeks from the time
you place the order. Your order will come with U.S.P.S. from Canada.
This is stated in your invoice, also in our FAQ.
In your confirmation email, you should see an estimated delivery date.
There is no tracking, but you will have to sign for the package. If
your not home, there will be a notice left for you. You can wait
for another delivery or you can pick up the package from the post
office.
We thank you for your contact and appreciate your business.
—-
Cardilly.com Support
support@cardilly.com
This was support email email codes, which should enable tracking:
Delivered-To: jhunkins@gmail.com
Received: by 10.204.145.92 with SMTP id c28cs168643bkv;
        Sat, 27 Aug 2011 15:35:34 -0700 (PDT)
Received: by 10.231.68.205 with SMTP id w13mr6206623ibi.46.1314484533029;
        Sat, 27 Aug 2011 15:35:33 -0700 (PDT)
Return-Path: <support@cardilly.com>
Received: from cardilly.com (cardilly.com [72.20.12.85])
        by mx.google.com with ESMTPS id g4si3908109wfe.41.2011.08.27.15.35.31
        (version=TLSv1/SSLv3 cipher=OTHER);
        Sat, 27 Aug 2011 15:35:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of support@cardilly.com designates 72.20.12.85 as permitted sender) client-ip=72.20.12.85;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of support@cardilly.com designates 72.20.12.85 as permitted sender) smtp.mail=support@cardilly.com
Received: from d24-150-156-14.home.cgocable.net ([24.150.156.14] helo=DubbsPC)
	by sparkle.universehosting.com with smtp (Exim 4.69)
	(envelope-from <support@cardilly.com>)
	id 1QxRTO-00037E-2S
	for jhunkins@gmail.com; Sat, 27 Aug 2011 15:35:30 -0700
Message-ID: <6E1E003FAE76421C82A07BAC0A68FA46@DubbsPC>
From: "Cardilly.com " <support@cardilly.com>
To: "Joseph Hunkins" <jhunkins@gmail.com>
References: <CAN2zEZ3CzBwVk8ZkQS88YPmt+ocXvU7V+a6ep7BUcbqnw2oh_A@mail.gmail.com>
In-Reply-To: <CAN2zEZ3CzBwVk8ZkQS88YPmt+ocXvU7V+a6ep7BUcbqnw2oh_A@mail.gmail.com>
Subject: Re: Order status please
Date: Sat, 27 Aug 2011 18:35:02 -0400
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_02AF_01CC64E8.089F9C50"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - sparkle.universehosting.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cardilly.com

This is a multi-part message in MIME format.

------=_NextPart_000_02AF_01CC64E8.089F9C50
Content-Type: text/plain;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Auth Code Help. Authorization Code Instructions for Domain Name Transfers from Godaddy, Moniker, and more.


Skip to highlighted text below for Auth Code Instructions

Even after thousands of domain name transactions over the years I’m always pulling my hair out with domain name transfer process which, like many mixtures of bureaucratic bungling and private sector greed, is about as frustrating, cumbersome, and potentially catastrophic.   You can even lose domain names – a key hallmark of many businesses – to scammers, inept registrars, or simple bad luck.     This post will be my attempt to help people figure out some of the quirks in the process.

First, recognize that you should not be paying more than about $10 per year for registration unless you are ALSO getting some local help/service/ etc from a webmaster. I use GoDaddy but there are many others that have reasonable fees.

Second, if you have a domain name(s) for your business or other valuable names you should register them for at least 5 years to decrease the chance you’ll lose the name.   Also, some believe search algorithms like to see longer registration times as a sign of authenticity, meaning it might help you rank a bit better all other things equal.

Third, BEWARE of the letters in the mail trying to pretend you need to renew a domain name that are really attempts to get you to switch to that registrar.   These are often legal forms of scams where they are a real service but are not the registrar you have now.

Generally you will find it easy to initiate a TRANSFER  IN to an account, and hard to nearly impossible to TRANSFER OUT.   Registrars generally make it very, very difficult to figure out the transfer out process because this will help keep people with them and even if you get angry they are losing your money and business anyway.

Unfortunately you’ll often need to do BOTH of these procedures to move a domain name from one registrar to another.   If you focus on the “TRANSFER OUT” and the required “AUTH CODES” and you’ll probably have success.

GODADDY Auth Codes:

Godaddy’s process is cumbersome but fairly straightforward.    Full details here from Godaddy.   Short version:

  1. Log in to your GoDaddy Account Manager.
  2. In the My Products section, click Domain Manager.
  3. Click the domain for which you want to retrieve the authorization code.
  4. In the Authorization Code field, click the Send by Email hyperlink.
  5. Click OK.
  6. Click OK again.

Moniker Auth Codes.

Moniker is the current front runner in my “diabolically difficult” online routine contest.   However once you know the secret you’ll be fine.  Be sure to put away ANY guns you have in the house before using their online help system or you’ll be using one on yourself.

The secret:  You obtain the Moniker Auth code to do external transfers as follows:

1. Log into your Moniker Account, select  “my domains”.

2. Now check the domain(s) you want to transfer out and click “transfer out”

3. Complete the “transfer out” dialog.

4. You should very shortly receive two emails.   You want the one that looks like the one below with domain name followed by a comma and a string that is the Auth code for that domain for the next 10 days.

5. If the process fails you may have to repeat this again (and again!) until the transfer “takes”.    Often if you purchase a domain from a third party they have *recently* registered that name and you won’t be able to transfer it for 60 days.  You’ll thus need to mark your calendar and start the process then as well as make sure the domain is registered at least through the transfer date (usually it will be as a year is usually added during the new registration)

THIS IS ONLY half the transfer process, now you’ll need to follow the instructions from your new registrar to transfer the domain *IN*, but those are usually straightforward  if you have the Auth Code.

Example Moniker Tranfer Out email:

[NOTICE] Account: 99999 Requesting Domains For Transfer Away From Moniker

As part of our standard transfer-out procedure, a notification has been submitted to Moniker notifying us of an intent to transfer the following domain(s) away from Moniker

This email serves as confirmation that we have received your notification.

This request will be valid for 10 days (240 hours).

The Reason Given For Transfer Was: changeOwnership

Domain Name,Epp AuthInfo (if applicable)
———– —————————-

2ILLINOIS.COM, 9999999CDC9
2MISSISSIPPI.COM,  9A9999B999EE

 

How to find your Enom Auth Code:
How to obtain the authorization code and unlock a domain name on eNom

Log in.

In the “Registered domains” row, click “Manage Domains”.

Click the domain you want to unlock.

In the “Manage Domain” menu, click “General Settings”.

To retrieve the EPP key, click “Email Auth Code to Registrant”.

A message confirms that the authorization code has been emailed.

To unlock the domain, go to the “Registrar-Lock” row and select “Disable”, and then click “save”.

A message confirms that the update was successful.

Social Word of Mouth Marketing


As social networking explodes on the scene I’m wondering about legitimate vs questionable marketing tactics that involve one’s social network.   Here at the JoeDuck blog I’ve avoided advertising (though I have taken a few liberties with posts that help rank other sites or promote friends, etc).

At my commercial sites I’m more aggressive with advertising and find it’s very hard to decide what levels of advertising are best suited to all the factors that come into play such as generating revenue, being honest,  keeping Google happy, etc.    Although I increasingly buy into the idea that “user friendliness” is a good guideline I don’t think it’s the best one from a revenue standpoint.   Even Google, which I think built a grand online empire partly on the basis of limiting the advertisements around search,  has very gradually increased the aggressiveness of their advertising at some “user centric” expense such as the ads that appear on top of the organic listings.    Although Google insists they are clear about identifying advertising the proof is in the perception and many people still do not understand the difference between clicks when Google is getting paid and when they are not.

I don’t object to Google’s current standards which I think are more than reasonable, though it’s always annoying to hear them pretend (or think delusionally) that their only consideration is optimizing the *user experience* without regard to revenues.   That would not be good business and arguably would deprive them of revenue they can use to provide the raft of great free services we enjoy from Google like blogger, search, mail, maps, and more.

But the real point here is to find a balance between social networking and marketing.    I certainly don’t want to pester people with advertising after they have nicely  come to Twitter or the blog to “interact” about politics, technology, or travel.     But are there appropriate advertisements that do not offend people?

More importantly, how should one handle paid or unpaid endorsements of businesses?     Over at Technology-Report we are now sponsored by Ipswitch Imail  Server, an Enterprise email system.   What’s really intriguing me is at what point one crosses the line between using and abusing the relationship you have with people to promote your business “allies”.  The link I just provided helps them.  I think that’s fine but some might say it’s using the blog inappropriately. Adding “nofollow” to the link would tell Google not to consider the link as an endorsement of the company but I’m happy to endorse them – they are smart enough to sponsor our Tech blog so they must be good, right?

I think the best working rule here at the blog is transparency, where people know the money relationships between you and those you talk about.   For stocks I use a disclosure blip, for companies an explanation of the relationship.  However for websites I’m not as transparent and I think I need to reconsider that and provide more disclosure than I have in the past to help combat the growing “economy of lies” that is far more pervasive than we tend to think.

From bank lending and “promotional offers” with fine print that traps even savvy borrowers to blatant phone credit card ripoffs that prey on the gullible to the Madoff stock scandal to bogus “get rich quick” training programs, the “economy of lies” is everywhere.    Online, it becomes even more difficult to check credentials and make sure an offer is real.

Then there are the “somewhat misleading special offers” which I think may be impossible or even undesirable to combat.    For example I’m shopping for Las Vegas hotels, flights, and show tickets and notice there are often dozens of offers for the same rooms, each with different rates.  Although the conditions vary a bit, basically these are marketing experiments designed to optimize revenues and collect information for the future.   Not perfectly “honest”, but not scams.   I’ll talk about this more at my Las Vegas Travel blog.   Hey, see, there’s a tiny SEO helpful pitch for my own site – is that legitimate?

An interesting idea – though bureaucracy alerts are kind of sounding for me now – might be to create some sort of volunteer disclosure standard that was monitored by a third party.    For example no site could endorse more than one product of the same kind.    Sites that abided by those rules would be listed and allowed to slap up a logo, those that did not would not.   Policing this probably could be done via an online “complaint” system, and the neat part would be to help screen out the huge number of junky sales sites that have no content of value and offer dubious offers.

Still, that option does not really seem workable on a grand scale because too few would participate.

Beijing Tea Scam: Beware Many Tea Houses near Forbidden City / Tiananmen Square


Beijing Tea Scam: Avoid the Si Zhu Xiang Tea House near Forbidden City / Tiananmen Square

Originally uploaded by JoeDuck

Update:  Generally, if you are approached by a good English speaker there is a *very good chance* he or she is trying to scam you or sell you something rather than “practice English”.  In Tea houses confirm pricing *before you sit down* or you’ll probably be in for a surprising bill.

Beware the SI ZHU XIANG Tea House in Beijing!

I fell for the Beijing Tea Scam (also common in Shanghai) where you are approached by a person claiming to want to practice english, then subtly lured to a Tea House for a “Tea Ceremony” that is hugely overpriced.

The scam is so good I have learned that many other travelers have also been duped by this because it preys on the fact that you don’t want to insult anybody and generally are unfamiliar enough with the landscape, money, etc. that you just pay the bill.  My bill was $85 for a few tea samples. I’m guessing some who fall for this never even realize that they have been scammed – rather just think they paid “a lot” for Tea as I did untili I realized this was a very clever con game common in Beijing and Shanghai.    I have challenged the charge and cancelled my card and will post follow ups on this later.

The China Tourism groups and guidebooks are guilty of NOT warning people enough about the fact that generally if you are approached in popular tourism areas by people who can speak english they are usually working some sort of sale or scam.   Several sources suggested to me that it is common in China for people to come up and ask to take pictures and “practice” their English.  Although I’m sure there are exceptions to the rule, the notion that people are looking to practice their english is only true in that that they are improving on these very clever short cons.     I think I was approached at least ten times – mostly in Beijing – sometimes it was obvious they were working to sell me something but sometimes not at all apparent.

I can only hope that law enforcement does something to prevent this during the Olympics because a lot of this may overshadow the experience of meeting some of the wonderful people of China, only a tiny number of whom are perpetrating the scams.

Beware the SI ZHU XIANG Tea House in Beijing!

Looking for legitimate tea?   Try Beijing Tea Street but still make sure you understand pricing.  China really takes tea seriously and some are very expensive.

Click Fraud Class Action against Miva / Lycos: Good idea, but payoff and motives questionable.


Update upon closer examination of the terms:   Holy crap, BatClickMan, this action is pretty bogus unless you are on the legal team.   Here’s the deal:  Lawyers get a bunch of cash from MIVA while the defrauded customers get 50% off future purchases of clicks from MIVA.      Given that MIVA clicks are generally of  questionable value and positive ROI is tough even with PPC campaigns at Google where they do much better job making sure clicks are legitimate and relevant, this is almost a worthless payment for the defrauded folks unless they have accounts with MIVA now and are spending huge amounts AND are getting some good  ROI.

I won’t even be bothering with this nonsense which appears more like the legal firm looking to nab a few million for an interesting case rather than much if any justice getting done. 

As a MIVA advertiser I just got the email announcing a class action lawsuit against Miva/Lycos that alleges:

… MIVA and Lycos breached their contracts with class members, unjustly enriched themselves, and engaged in a civil conspiracy by failing to adequately detect and stop “click fraud” or other invalid or improper clicks on online advertisements.  MIVA and Lycos deny Plaintiffs’ allegations and contend that all payments they have received from class members for online advertising were legally and properly charged …

I’m surprised there have been so few of these lawsuits because there has been and still is a staggering amount of click fraud, and despite some crackdowns all the advertising places are essentially misleading people about the extent of the fraud.    Part of the reason the wrath has been lower than one might expect is that you generally can get pay per click refunds from search engines  for many types of complaints and I assume they have done a lot of crediting of major ad accounts if fraud was discovered or even suspected.

Of course this may not be worth the trouble as the payout is in … wait for it … more MIVA clicks!    Ha – I guess this could be called the “one fraudulent click deserves another” class action?

Under the settlement, MIVA will establish a settlement fund of $3,936,812.00 on behalf of MIVA and Lycos, of which a portion will be used to pay class counsel’s fees and costs, and the remainder will be available to class members in the form of advertising credits that may be applied to up to 50% of the cost of future online advertising purchased from MIVA.  To receive credits, you must submit a valid and timely claim form.  Credits will be awarded on a pro rata basis, taking into account the amount that you paid to MIVA and/or Lycos for ads that you believe in good faith to have been result of click fraud and the total amount of credits available.  For example, if the amounts that you paid to MIVA for the affected ads were 1% of the combined online advertising revenues of MIVA between January 1, 2000 and September 30, 2007 and Lycos between September 23, 2002 and March 30, 2006, you would be eligible to receive 1% of the total available credits.  You must certify in your claim form the percentage of your ads you believe were the result of “click fraud.” Credits must be used within one year of issuance and may be used only for advertising on the MIVA Media US Network.

Here’s the online claim form and a lot more information:  www.PayPerClickSettlement.com

Associated Content monetizing plagiarized content.


update:  I’ve rewritten this post after realizing Mashable is not saying AC did anything illegal.

Mashable is falling just short of charging Associated Content, a well-funded content distribution portal, with plagiarism.   Apparently an AC contributor has lifted a lot of Mashable articles verbatim and posted them at AC.     Mashable argues that since AC claims to edit contributions they should have caught this. 

As Mashable notes what makes this scraping and stealing more conspicuous is that AC is a relatively big online publishing player, not a junky run of the mill “made for adsense” site that would soon be delisted from Google and abandoned.

Of course, few sites screen contributors fairly carefully.  In the rush to create profitable social communities, many sites are willing to turn a blind eye to who is posting what and from whom.    Google’s getting better at delisting plagiarized content, but it’s still a big problem.    The solution is fairly simple but so far few are willing to implement better screening of publishers and writers.   Google adsense, for example, is often run on the lowliest of scraped content websites.   Since Google has a record of payments to those publishers  I find it hard to believe they are doing a careful job of deleting them from the system.    I have not even heard Google claim that they do anything much to ban people from the Adsense program.     With adsense as a prime monetizer of online content both legitimate and plagiarized, it would be nice to see Google blacklist abusers and pass this along to other advertising networks.

However based on my experiences as an advertiser Google is probably the best at following up and creating at least a minimal level of accountability for publishers.   I bought cheap traffic from Enhance and the number of junk sites was very conspicuous in the logs.  Conversion was close to zero and I discontinued the campaign.  

Mary is Meeker than yesterday on revenue estimates?


I’m still digesting this amazing story by Henry Blodgett  about how Morgan Stanley analyst Mary Meeker’s seems to have 1) inadvertently miscalculated YouTube revenue potentials by a factor of *1000* and then,  adding insult to injured fuzzy math, seems to have reworked the calculation to “back into” a new number that is closer to the original than the one you’d get from the original assumptions.

I need to read her side of this but Blodget is no stranger to the perils of fuzzy math and I remain amazed at how few in the media question how the big players estimate this stuff.  This certainly indicates that for many years big players have used bogus valuations, fueled by the casino-like buying behavior of clients.     Without more critical review this will keep on trucking for some time.