Why send a false website typo report?
March 5, 2021 3:16 PM

The highly popular website of a respected international organisation received a message from someone who appears to be an established journalist/translator. He reported a couple of embarrassing typos (similar to mixing up there/their) on one webpage. Staff could not see the errors and requested a screenshot. The journalist sent one which showed the typos... but they aren't on the live site and, according to the page revision log, have never been there. Is there an explanation that makes any sort of sense both technically and in terms of human behaviour?

Yes, I know that Chrome can edit page source on the fly - and screenshots can be doctored. But the person reporting this has won awards for his journalism and his messages appear to have no ulterior motive other than to get the 'error' corrected. What could he be hoping to achieve by claiming an error exists when it clearly does not?

He might not be a real journalist, perhaps his LinkedIn page with 500 contacts is a fake, but that simply makes the hoax more elaborate for its near zero payoff. If you get off on mildly confusing people, there are many lower effort ways to achieve a greater effect.

I suppose a browser extension could theoretically introduce random typos while browsing but I can't find evidence such a thing exists or come up with any reasonable set of circumstances that would lead to it being installed surreptitiously.

None of the staff who edit page content have the technical skills or access permissions to fake the page revision log and anyway there would be no consequences for introducing such an error beyond a friendly reminder from the boss to always run copy past the proofreader. Also the two errors are (a) so blatant it's very unlikely any of the editorial staff would make them and (b) identical, but in areas of the page managed by two separate teams.
posted by Busy Old Fool to Grab Bag (23 answers total) 6 users marked this as a favorite
 
Best answer: This is a long shot, but could this person be (perhaps unknowingly) running one of those browser extensions that swaps a certain word out for another word, for comedic or prank purposes? Without knowing the exact typo, it's hard to guess, but that's one possibility that popped into my head.
posted by primethyme at 3:34 PM on March 5, 2021 [5 favorites]


Best answer: What's also strange is that no journalist I know would really have the time to correct random errors on someone else's site (he has no prior involvement with this content, right?).
posted by pinochiette at 3:39 PM on March 5, 2021 [11 favorites]


Best answer: I’d send a screenshot of what you see and say “weird, this is what it looks like on our end.” I’d just be curious how he’d respond.
posted by showbiz_liz at 3:42 PM on March 5, 2021 [2 favorites]


I think you need to confirm that this person is who they say they are. As someone who administered the website email inbox of a very large organization, I can't even begin to tell you how many "Hey I noticed typos/SEO mistakes/etc. on your website! I can fix this for you if you want to talk." It wouldn't surprise me if impersonation became part of that racket.
posted by General Malaise at 3:49 PM on March 5, 2021 [28 favorites]


What General Malaise said. I get these all the time about our company website. It’s fake. Send to junk mail and block sender.
posted by MexicanYenta at 3:54 PM on March 5, 2021 [2 favorites]


Response by poster: could this person be (perhaps unknowingly) running one of those browser extensions that swaps a certain word out for another word, for comedic or prank purposes?

Thanks, it's an interesting thought which I'd already considered - see my fourth paragraph. It's not a comic typo and while there might be an obscure extension which introduces common errors into web pages while browsing, I can't find one. I also can't imagine the context that would lead to such an extension being installed for a prank. Several hours went by between the initial email and the follow-up so he would have likely seen many other web pages with similar errors in the meantime and realised something was up.

he has no prior involvement with this content, right?

Good question - none whatsoever.

I’d send a screenshot of what you see and say “weird, this is what it looks like on our end.” I’d just be curious how he’d respond.

Good idea, already done! The initial response from the website staff to his first (text only) message indeed included a screenshot of one of the areas of text in question. His response was his screenshot with no acknowledgement of the discrepancy.

I think you need to confirm that this person is who they say they are. As someone who administered the website email inbox of a very large organization, I can't even begin to tell you how many "Hey I noticed typos/SEO mistakes/etc. on your website! I can fix this for you if you want to talk." It wouldn't surprise me if impersonation became part of that racket.

This website gets plenty of those too, but this is not similar because (1) the messages he sent were terse and contained their own typos (2) two messages and no solicitation (3) a pitch based on claiming an error which the site can immediately see isn't there is less effective and more work than the generalities these spams normally use.

In terms of his identity, the SMTP/SPF headers look like genuine gmail and the address is listed on a LinkedIn profile with 500 connections. As I wrote above, it could still be fake but that's an awful lot of effort to impersonate an established, but minor journalist and translator.

I get these all the time about our company website.

Fake screenshots of typos on your web pages? If so, then that's the answer but this is nothing like normal website spam which is very obvious.
posted by Busy Old Fool at 4:08 PM on March 5, 2021 [1 favorite]


I think this is just an (unethical) professional proofreader trying to drum up business. He’s just counting on people going “oh shit, typos on the website, we do need a proofreader!” and not verifying.
posted by mekily at 4:16 PM on March 5, 2021 [4 favorites]


Best answer: In terms of human behaviour this doesn't sound at all like spam emails, whether of the sketchy SEO type or the unethical proofreader.

The only thing remaining is an extension innocently gone awry (doesn't need to be a humorous word replacer, extensions can interact weirdly especially when you're running several dozen).

I'd ask them to try in another browser or using a mobile browser.
posted by turkeyphant at 5:08 PM on March 5, 2021 [1 favorite]


Best answer: I wonder if it's a phishing attempt to pick up real email addresses or IP addresses. Is the email itself secure? Does it have beacon pixels?
posted by kschang at 5:59 PM on March 5, 2021
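
One way to answer the beacon-pixel question without opening the message in a mail client, as an added example that is not part of the original thread: walk the MIME parts of the saved `.eml` and list every attribute that would make a client fetch a remote URL. The sample message and its hosts are constructed, and CSS `url()` references are not covered.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample reply (not the message from the thread); hosts are placeholders.
SAMPLE = """\
From: Reporter <person@example.com>
Subject: Re: typos
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

The errors are foo and bar.
--b1
Content-Type: text/html; charset="utf-8"

<p>The errors are foo and bar.</p>
<img src="https://tracker.example.net/o.gif?id=abc123" width="1" height="1">
<img src="cid:screenshot1" width="800" height="600">
--b1--
"""

class _RemoteRefs(HTMLParser):
    """Collect attributes that make a mail client fetch a remote URL."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for key in ("src", "background", "poster"):
            url = a.get(key) or ""
            if urlsplit(url).scheme in ("http", "https"):
                tiny = a.get("width") in ("0", "1") and a.get("height") in ("0", "1")
                self.refs.append((tag, url, tiny))

def remote_references(raw):
    """Return (tag, url, looks_like_pixel) for each remote load in HTML parts."""
    found = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            parser = _RemoteRefs()
            parser.feed(part.get_content())
            found.extend(parser.refs)
    return found
```

An embedded `cid:` image, like the screenshot attachment in the sample, is not reported because it loads from the message itself.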


Have you checked the long headers in the emails to see if the emails are actually from who they claim to be? I think you’re being played for some reason.
posted by Thorzdad at 7:43 PM on March 5, 2021 [1 favorite]


The next contact you have from this person will be them offering their copywriting services.
posted by sideshow at 7:57 PM on March 5, 2021 [3 favorites]


Best answer: Not all human behavior can be explained rationally. I'd probably just start ignoring this person, if it's possible, or give a terse "thanks for bringing this to our attention" reply if policy requires you to reply with no indication that you intend to act on what they say.
posted by Aleyn at 8:33 PM on March 5, 2021 [2 favorites]


Best answer: There’s also the possibility that someone has spoofed your website, and he’s looking at the fake one. People do that to run their own scams. There’s always about two “copies” up of my employer’s website (of various quality) at any given time—all set up by scammers and lasting a few months until we find them and get them shut down.
posted by whitewall at 9:55 PM on March 5, 2021 [6 favorites]


I have seen this exact issue, and in my case it was a hacked website that was showing one set of content to the admins and a different set of content to viewers. Adding links to online pharmacies, that kind of stuff. The hack was bad though, and so random characters would sometimes show up mid-word.
posted by Jairus at 11:07 PM on March 5, 2021 [9 favorites]
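
A check for the situation described in the comment above, as an added example that is not part of the original thread: fetch the same URL under several request profiles and diff the visible words, so a substitution served only to some visitors stands out. The profile names, the `fetch(url, headers)` callable and the `fake_fetch` stand-in are all assumptions made for the example; in practice `fetch` would wrap a real HTTP client.

```python
import difflib
from html.parser import HTMLParser

# Hypothetical request profiles; adjust to how your staff and your visitors really arrive.
PROFILES = {
    "staff_session": {"Cookie": "session=PLACEHOLDER"},
    "anonymous": {},
    "search_referral": {"Referer": "https://www.google.com/search?q=example"},
}

class _Text(HTMLParser):
    """Collect visible words, ignoring script and style bodies."""
    def __init__(self):
        super().__init__()
        self.words, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.words.extend(data.split())

def visible_words(html):
    parser = _Text()
    parser.feed(html)
    parser.close()
    return parser.words

def compare_views(fetch, url, baseline="staff_session"):
    """Return, per profile, the (baseline_text, other_text) spans that differ."""
    views = {n: visible_words(fetch(url, h)) for n, h in PROFILES.items()}
    base, report = views[baseline], {}
    for name, words in views.items():
        if name != baseline:
            sm = difflib.SequenceMatcher(a=base, b=words, autojunk=False)
            report[name] = [(" ".join(base[i1:i2]), " ".join(words[j1:j2]))
                            for op, i1, i2, j1, j2 in sm.get_opcodes() if op != "equal"]
    return report

def fake_fetch(url, headers):
    """Constructed stand-in for an HTTP client: alters the page for search referrals."""
    page = "<html><body><p>Members share their reports here.</p></body></html>"
    if "Referer" in headers:
        page = page.replace("their", "there").replace("</p>", "</p><a href='#'>cheap pills</a>")
    return page
```

An empty list for every profile means all views rendered the same text; any non-empty entry shows exactly which words differ from the staff view.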


it could still be fake but that's an awful lot of effort to impersonate an established, but minor journalist and translator.

Very little effort if the established, but minor journalist and translator has a shitty Gmail password and somebody else is operating their account.

the messages he sent were terse and contained their own typos

Scammer.

in my case it was a hacked website that was showing one set of content to the admins and a different set of content to viewers

A link to the highly popular website of a respected international organisation, plus a rough guide to the locations of the claimed errors, would let any of us check the public view and report back.
posted by flabdablet at 12:05 AM on March 6, 2021 [3 favorites]


I've seen legitimately different things on my old phone from everyone else, so it's possible there's just standard magic internet problems.
posted by Jacen at 3:35 AM on March 6, 2021


Best answer: I also can't imagine the context that would lead to such an extension being installed for a prank.

I'm not saying this is what happened (it's almost certainly not), but if I had the ability to make such extensions and I knew a minor journalist of the personality type to send emails to every website with a typo complaining about the typos, the first thing I'd do would be consider trolling him with it. (I wouldn't do it because of the people on the other end who don't deserve the headache, but the urge to make him nuts and waste his time would be strong.)
posted by babelfish at 7:39 AM on March 6, 2021 [1 favorite]


Best answer: Are you, the journalist, and the staff all in the same region? In any case, have you had someone far away from your offices look at the web pages in question and see if the typos appear for them?

It is also possible that this contact is part of a spear phishing attempt, just looking for names and email addresses of people inside the organization, especially those who work in IT.
posted by Winnie the Proust at 8:53 AM on March 6, 2021 [2 favorites]


I got one of those emails for a personal website. I vote Scam.
posted by dudleian at 2:45 PM on March 6, 2021


Response by poster: Thanks for all the thoughtful replies. I think a summary of the exchange so far would help explain why I'm doubtful about some of the theories.
  1. person@gmail.com: On https://example.com/contentpage there are 2 errors. One is foo and the other is bar.
  2. website: Thanks. We're not sure where you see that - here's our screenshot, please send your own screenshot.
  3. person@gmail.com: (attaches faked screenshot) The errors are foo and bar.

There is no email signature or email text mentioning that he's a journalist/translator. To confirm his identity and discover his job, one has to:
  • Search for his gmail address and find a trade page where it's linked to his full name
  • Then search for his full name to find his LinkedIn page
  • Finally check the contact information on the LinkedIn page where the same email address is listed to confirm it's him and not someone else with the same name

He’s just counting on people going “oh shit, typos on the website, we do need a proofreader!” and not verifying.

I'm not discounting this entirely, but I find it hard to imagine many webmasters would see message (1) above and not visit the page to check/fix the errors as a first step. And even if they did panic and search for a proofreader, they'd have no reason to think he was one.

I'd ask them to try in another browser or using a mobile browser.

Excellent suggestion and I agree fully with your other comments.

I wonder if it's a phishing attempt to pick up real email addresses or IP addresses. Is the email itself secure? Does it have beacon pixels?

Very good question. However, the initial enquiry came through a web form which aggressively strips out anything but text. The follow-up email looks OK too, though the infosec team should probably have a look at it. My problem with the phishing theory is that there are dozens of ways to engage a website team in email correspondence that wouldn't arouse the suspicion and scrutiny which faking a screenshot has.

Have you checked the long headers in the emails to see if the emails are actually from who they claim to be?

Yes - see my previous comment. SPF, DKIM and DMARC all entirely consistent with a genuine gmail message.

There’s also the possibility that someone has spoofed your website, and he’s looking at the fake one.

It's a good idea, but the URL in the initial email report was the correct one. Also for technical reasons the website doesn't actually get spoofed that often.

I have seen this exact issue, and in my case it was a hacked website that was showing one set of content to the admins and a different set of content to viewers.

Another good suggestion, but the page in question was checked while logged out by staff in several different countries using non-corporate IPs. This is a high profile website and there would have been other reports if anything like that had appeared.

I got one of those emails for a personal website.

A fake screenshot of typos on your website, without any accompanying attempt to offer services in two initial emails? If so, was there a follow-up pitch?
posted by Busy Old Fool at 3:18 PM on March 6, 2021


~Have you checked the long headers in the emails to see if the emails are actually from who they claim to be?
~Yes - see my previous comment. SPF, DKIM and DMARC all entirely consistent with a genuine gmail message.


A genuine Gmail message from the real person, though? Gmail is widely used by spammers and phishers, so being a genuine Gmail message is meaningless unless you can verify that it's actually from the real person you think it is.
posted by Thorzdad at 7:50 AM on March 7, 2021


Response by poster: A genuine Gmail message from the real person, though? Gmail is widely used by spammers and phishers, so being a genuine Gmail message is meaningless unless you can verify that it's actually from the real person you think it is.

I'm a bit confused what you are asking. If you think confirming the From line is meaningless, why did you ask if the headers were checked? That's all they can confirm. It's definitely from the address listed in the LinkedIn, but whether that sufficiently verifies that it's from the person it appears to be from is an open question.
posted by Busy Old Fool at 4:30 PM on March 20, 2021
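
What the header check discussed in the last few comments can and cannot establish, as an added example that is not part of the original thread: read the `Authentication-Results` header stamped by your own receiving server and confirm that the DMARC pass covers the `From:` domain. The sample headers, the selector and the server name `mx.example.org` are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Constructed sample headers; mx.example.org stands for your own receiving server.
SAMPLE = """\
Authentication-Results: mx.example.org;
 dkim=pass header.i=@gmail.com header.s=sel1;
 spf=pass (sender IP designated) smtp.mailfrom=person@gmail.com;
 dmarc=pass (p=NONE) header.from=gmail.com
From: Some Name <person@gmail.com>
Subject: Re: typos

The errors are foo and bar.
"""

def auth_summary(raw, trusted_authserv):
    """Summarise SPF/DKIM/DMARC results stamped by our own receiving server."""
    msg = message_from_string(raw, policy=default)
    from_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        value = re.sub(r"\([^)]*\)", "", str(value))   # strip (comments)
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != trusted_authserv:
            continue   # anyone can add this header; trust only our server's copy
        for clause in rest.split(";"):
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause)
            if m:
                props = dict(re.findall(r"([\w.]+)=(\S+)", clause))
                results[m.group(1)] = (m.group(2).lower(), props)
    summary = {method: result for method, (result, _) in results.items()}
    dmarc_result, dmarc_props = results.get("dmarc", ("none", {}))
    summary["from_domain"] = from_domain
    # DMARC pass means the From: domain is authenticated (an aligned SPF or DKIM pass).
    # It says nothing about who was typing in that mailbox.
    summary["domain_authenticated"] = (
        dmarc_result == "pass"
        and dmarc_props.get("header.from", "").lower() == from_domain
    )
    return summary
```

A `True` here confirms the message really left the provider's servers for that address; tying the address to a person still needs an out-of-band check such as the LinkedIn listing mentioned in the thread.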


Response by poster: In case anyone wants to know the outcome...

One more reply was sent, again pointing out that the errors in the screenshot were not visible to anyone else and asking the enquirer to check again on a different device. There was no response and I think two weeks on, there isn't going to be.

I've marked as best answer all those who provided useful thoughts. Thanks!
posted by Busy Old Fool at 4:40 PM on March 20, 2021 [1 favorite]

