Hacking Online Reviews

For this post, I want to return the word hacking to its nefarious definition. We prefer the kinder definition of a hacker as someone who creates or modifies things to fit some purpose or to improve its function. But a hacker can also be someone who breaks into computer systems or steals phone service or breaks encryption.

There are some “hacker battlefields” that are very visible. Protecting credit card numbers from hackers is a good example. But there are some subtle ones that many people don’t notice. For example, the battle for online reviews. You know, like on Amazon when you rate the soldering iron you bought and leave a note about how it works. That might seem like a strange place for hacking until you stop and think about why people do bad hacking.

In its infancy, the Internet was an networking highway that let you go to a particular host and use tools on it. In fact, I can remember paying DIALOG a lot of money (upwards of $100/hour) to access custom databases online. You could use Gopher to look for particular documents on a server. A hacker, in those days, might be interested in penetrating a particular server and finding individual documents or accessing particular applications.

Hacking People

Despite movie and TV exploits showing password cracking machines and geniuses who figure out passwords using some technobabble explanation, the easiest way to get a password for a machine is usually social engineering. You know, you call someone who has an account on the machine and say something like:

Mr. Green? This is Samantha Rivers with tech support. Our in-phase monitor shows that your machine is being infected by a virus right now. Are you visiting any unusual web sites? No? Well, you better give me your password right now so I can stop it before it encrypts your hard drive with a multispectral quantum entanglement key. If that happens, your data will be lost forever.

This illustrates something I’ve always thought was interesting: hacking a computer is nothing compared to hacking a human. We’ve had human hackers for longer than we’ve had computers. Psychics doing cold- and warm-reading on victims, come to mind. Scams like the pigeon drop or any of hundreds of other scams were perpetrated long before e-mail offering you a share of some Nigerian prince’s bank account were technically possible. Ad men have long been people-hackers as have merchandisers. Next time you are in the cereal aisle at a supermarket, note the placement of the cheap brands vs. the pricey brands. It isn’t an accident.

Not all of this hacking is illegal or even bad. Granted, conning victims isn’t a good thing, but placing pricey cereal at eye-level is just optimizing profit. It all boils down to this: a person-hacker wants to make you do something. Buy a product. Spend more money. Give them your money. Fake online reviews are the newest form of social engineering.

Positive and Negative Reviews

In the case of online reviews, you have several competing interests. The value of positive reviews to my product is pretty obvious. A little less obvious is the value of negative reviews for my competitors. This goes on more than you might think. Several years ago I had a book due out tied to the release of a Microsoft operating system. Microsoft delayed the release, so we delayed the book also. I had about two chapters completely done and maybe another four in draft on the original release date. Despite that, a few days after that date a very nasty Amazon review showed up saying the book didn’t even deserve one star, but that was the least you could give. It also suggested an “excellent” alternative book that I won’t name.

Short of someone breaking into my office, no one had seen more than two chapters of the book. And those people all worked for my publisher, so the obvious answer was the review was totally fake and very likely posted by someone with fiduciary interests in the other title. To Amazon’s credit, they did remove the post once we let them know the review was on a book that wasn’t available yet.

amazon-star-review
With so many reviewers,
customers immediately trust this product

There is a third stakeholder in all this: the retailers themselves (and the service providers that put ratings on most major Web sites). Think about this: If you were a real Nigerian prince trying to launder money, you’d be shocked at how hard it is. Most people have figured out that scam, and if you were legitimate, people would still assume you were a scammer. If scam reviews become common, the value of reviews will disappear. So the companies like Amazon, Bazaarvoice, and PowerReviews all have a vested interest in protecting the integrity of reviews. For companies like Amazon, that could lead to reduced sales. For the others, a failure of online reviews could put them out of business.

Scanning for Fakes

There have been a few academic papers about spotting fake reviews. Apparently, fake reviewers are more likely to talk about themselves instead of the product. Other ways to spot fake reviews focus on the reviewer. Common sense tells you that a reviewer who has posted just one review or that only reviews one company is suspect. Reviewers that have all 5-star reviews is another tip-off.

fakespot-review-analysisThere are automated websites now putting some of these algorithms into use. There’s one for hotel reviews from Cornell. Another recent site, fakespot.com, only works with Amazon. The fakespot site is especially interesting because it lets you view some of the reviews it is calling out as fake and explains its analysis. On the other hand, I plugged in a Kindle book that clearly had fake reviews (a ten-page pamphlet universally panned except by the first eight reviewers who all posted on the same day). The site told it me it thought the reviews were real.

While it doesn’t get as much press as, say, credit card hacking, review hacking can be pretty disastrous to consumers (then again, there has been some news coverage like the video below). We’ve long had the idea of white-hat hacking. Maybe part of that is developing these algorithms and tools to detect suspicious reviews. Perhaps the “good” hacker community will take up that challenge.

One thing is for certain: cyberspace crime and physical world crime are closely related. We’ve had breaking and entering, fraud, scams, and everything else way before we had computers. Nothing so far has stopped all crime, so it is unlikely we’ll squelch all computer-based shady activity, including review tampering. However, just because bolt cutters will open a padlock doesn’t mean you don’t padlock your shed. We just need more tools to help people make informed decisions about the validity of things they read online.

Thanks to [Patrick Williams] for pointing out fakespot.com and providing some background for this post.

25 thoughts on “Hacking Online Reviews

    1. If this is a real company, they don’t have your password. If they do, their security is terrible. Instead, they should only have the hash of your password. They should have to reset the password, and either give you the temp password or send you an email with the reset instructions.

      A good company/provider will never store your password.

  1. “In its infancy, the Internet was an internet highway that let you go to a particular host and use tools on it…”

    Doesn’t make sense – did you mean “information highway” and autocorrect stepped on it?

    “…In fact, I can remember paying DIALOG a lot of money (upwards of $100/hour) to access custom databases online. You could use Gopher to look for particular documents on a server. A hacker, in those days, might be interested in penetrating a particular server and finding individual documents or accessing particular applications.”

    Wow, I’d forgotten all about DIALOG. Thanks for reminding me.

  2. ★☆☆☆☆
    This blog has TERRIBLE service and didn’t even bring me water OR food! I don’t think they even have a kitchen! I had to make my own food and then use my own internet connection to read their articles as a meager form of entertainment (I tried to nibble on one and it tasted horrible). How is this business still in operation?

  3. If you ask me, a term “hacking” means a highest level of computer science. Someone should have been called a hacker only when he reach something worth admiring, something really big. Not just like stealing someones Facebook account password of his/her close friends, which can easily be done by doing some social engineering skills.

    And what is interesting is that this is starting to be harder and harder every day due to rapidly evolving of technology, computer science and security. It’s easily to fake a human then machine. And these machines are getting smarter and more intelligent every day. We need to evolve our minds too, instead of wasting our days on watching brain-washing TVs and browsing Facebook feeds. It might be a good idea to learn and read a lot.

    Anyway interesting article, thanks for sharing!

    Regards,
    Adam

      1. Indeed even my review may look fake. Or some sites want the customer to answer with a rating, experience with seller, shipping and overall satisfation. When a maybe fake IS fake is when they just seem inappropriate to the context, as when someone says “product works, 1 year warranty” of an action figure.

  4. Good article. Has anyone seen the ads for “Addium” on facebook? They claim it’s a pill like what’s in the movie, “Limitless.” The add looks like it’s from CNN. I dug into it and saw the amazon reviews (at the time) were almost at 5 stars with raving reviews. I kept scrolling down and saw some people say it was like a caffeine pill. I noticed the pattern. People rating it bad were “Verified” buyers. Most of the good reviews were not. Of course, a whois of the fake CNN site as well as the Addium website revealed they were both hosted by the same service. It looks like Amazon may have deleted many of those reviews now though.

  5. The article mentions people hacking. In this context, one of the oldest professions has to be that of the “professional” panhandler. You all know the type, able to elicit the desired emotional response from his mark, with the goal of opening the wallet…..

    In my opinion, the ad writers and marketers are no better than the bum on the street that gets you to give up your hard earned cash.

    Who hasn’t noticed the similarities in all the television and radio ad campaigns that get the best response?

  6. Here’s a list of some additional academic research re:online deception in social networks that you may be interested in.
    https://hackaday.io/page/1447-list-academic-papers-online-deception

    Until a few years ago I was oblivious to the rampant use of fake reviews; sybil accounts; astroturfing; trolls; etc. – Something that only happened in movies and on t.v., or so I thought.

    The results on sites like Amazon/Yelp is interesting and at minimum based on an actual product of service. What blows my mind is the pervasiveness of these deceptive practices on crowdfunding sites like Kickstarter and Indiegogo – for products that don’t exist and people with no history.

    The economics of deception is incredible – Millions of dolllars to bad actors, lubricated by fabricated social proof.

  7. New rules.

    1 discard all full star ratings.
    2 give most weight to mid star ratings.
    3 screen low star ratings for specifics. If the specifics match roughly across
    reviews then accept the negative comments.
    4 A few low star ratings are to be expected due the left side bell curve users discount those.
    5 spin that wheel…

    1. Reading the low star reviews with a bit of knowledge also helps. I was looking for a countertop dishwasher, half of the 1 and 2 star reviews were that the hoses leaked at the seals no matter how much you tightened them. The pictures showed the hoses had plastic nuts. What little plumbing I know says that no washer made can save you from stripped threads, and that Teflon tape is cheap insurance. Had that dishwasher for 5 years till I moved somewhere with a full sized one. Never a single leak.

      Unless a “this product sucks” reviewer gives details, it’s about as valuable as “amazing would buy again A++++”. Once the reviewer gives details, it gets easier to sort out the folks who understand why something broke from those who don’t realize they are the reason it broke.

      On the other hand, I hate that Amazon wants me to do more that just give a number of stars for some items. What can I say about a litter box I bought for my cat, or book 4 in a series where I’ve written a bunch on books 1 and 2? Anything I can write is either too verbose or of the “great item, glad the price was cheap” quality. A simple wordless number of stars is just as meaningful.

      1. That is quite annoying, that they always want a rating with text. Sometimes an item already has hundreds of reviews. I don’t need to add to a sea of crap when somebody else has already done a better job explaining, I just want to rate my usb cable / trading car / lightbulb and be done.

    2. @wilbertofdelaware
      I don’t think discarding full star reviews is a good idea. If a product does exactly what it’s supposed to cheaply and efficiently, and you have literally no complaints, why not give it 5/5? I’m not talking about something complicated like a computer game or a novel, I’m thinking of, eg, power adapters or screwdrivers. I would be suspicious if the *average* is full starts, given more than a handful of reviews, but not for individual reviews.

  8. “I received this product at a discount price in exchange for an honest and unbiased review.”

    Really is cranking the Amazon review signal to noise ratio way down. If I’m searching for a product I generally cross ones of my list that have reviews like this. You can filter out these reviews by selected verified purchasers only, but when you are searching among dozens or hundreds of products, you can’t fix the search. Not only that, it games the entire system and products with paid for reviews are much more likely to be purchased, so they end up higher in the popularity list.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.