Fake Identities, Real Data: How Chinese People Search Sites Deceive Users

Fictitious persons serve as an effective bait for stealing confidential data.

A recent investigation published on the KrebsOnSecurity website uncovered a whole network of people search sites that target users in the United States but are based in China. The distinguishing features of this network are founders who are completely fictitious personalities and a dubious principle of operation.

The investigation began after a KrebsOnSecurity reader asked about the veracity of the site "TruePeopleSearch[.]net", which offers free detailed reports on any person from the database, including photos, police records, court decisions and much more.

The founder of TruePeopleSearch is claimed to be Marilyn Gaskell from Phoenix, Arizona, but her LinkedIn profile and quotes in various publications raise doubts about whether she really exists. A similar situation was found with other characters and sites, including "FastPeopleSearch[.]io" and "Cocodoc[.]com", whose registrations are also linked to Alibaba Cloud in Beijing.

Thus, the owners of these sites deliberately mislead users and hide their true identity from them. But what's the point? How do such sites work in general? Apparently, they act as an intermediary between users and major paid people search services, such as Spokeo, Intelius, and BeenVerified.

At the first stage, the user is invited to enter the first and last name of the person they want data about, free of charge. After that, the site allegedly performs a search and reports that the information has been found.

The user is then shown a long list of agreements that can take up to 20 minutes to complete. In these agreements, the user must confirm that they will not use the received data for employment or rental purposes. These agreements allow the sites to avoid classification as consumer reporting agencies, which takes them outside the scope of the American Fair Credit Reporting Act (FCRA) and therefore eliminates possible penalties from the United States.

When "all the papers are filled out" and the user has already spent a lot of time, another surprise awaits: they need to pay for a subscription that costs $35 per month. As a rule, the exhausted user does not want to give up halfway at this stage, so they reluctantly accept the "rules of the game" and pay for the subscription.

After payment, the user is redirected to one of the major paid people search services, such as Spokeo, Intelius or BeenVerified, and gets the information they need about a particular person there.

As the investigation found, users are not deceived as far as the service itself is concerned, because information about the right person really can be obtained, albeit in a strange, roundabout way. In this scheme, the Chinese sites act as front pages that are simply connected to the APIs of the large services and serve only as an attractive shell.

So what do the owners of such dummy sites gain? As it turned out, for each subscription made through a fake site, the owners receive an affiliate commission from Spokeo and the other services used. The amount of the commissions is not disclosed, but given the scale of the operation, the income can be quite significant.

Thus, an entire affiliate program is hidden under the guise of a free search service, and given the Chinese origin of the fake sites and their dubious principle of operation, it is far from certain that the data of American citizens obtained in this way does not leak directly to the Chinese government. At the same time, the true owners of these fake resources mislead users about their ownership and location.

This investigation highlights not only issues related to the reliability of information on such sites, but also broader issues of privacy and data protection in the digital age. It also highlights the need to create up-to-date laws on privacy and consumer data protection to ensure adequate protection of personal information from unauthorized access and use.
 