Gather around kids, this is gonna be a fun one. I might even get sued, finally. Yay!!1
Recently, on some random news station, I heard about Walmart’s new “Money Card” which is nothing more than a prepaid Visa card. Just like any other such card, it has a website where you can check your balance, add funds to your account, etc. Alternatively, you can have your account information stolen, be exposed to hardcore XXX porn, or line the pockets of a bottom-feeding douche bag while trying to reach the site. Why? Because Walmart, just like most companies, is nothing short of retarded when it comes to internet security and protecting their brand in the online world.
But, but, but… Their site says that it’s secure. It even has a nifty little seal on it from Thawte verifying that it’s protected by RC4 128-bit encryption.
Yeah, so what? I said that all those evil evil bad bad things could happen to a person while trying to reach the site. I never said that they’d actually make it there. Your good ol’ Uncle Buck or Aunt Charlene who’s not too savvy on that there interweb, but falls perfectly into the demographic of folks who would have a Wally World prepaid money card, is likely to mistype the web address. That’s why any security-minded company who wants to protect their customers and brand’s image would / should at the very least register all of the most common typo domains when setting up shop on a new domain - especially if it’s a financial kinda deal. In Walmart’s infinite wisdom, they did no such thing.
After hearing about this new Walmart card and the accompanying website, I checked to see if they had registered and were forwarding over traffic from one of the most common typos: the full web address prefixed with a “www”. Typing out “www” and then forgetting or simply missing the dot afterwards is commonplace among eTards and fast typers. Sure enough, wwwwalmartmoneycard.com was wide open. So, I registered it. Just for good measure, I went ahead and registered almartmoneycard.com today too. Missing the first letter of a domain is also pretty common. Luckily for Wally World, I snagged those domains with the sole intent of using them as an example for this blog entry. This could have played out much differently…
Stealing Account Information
It’d be super easy to setup an identical spoof website and steal account information when people try to login. After entering in their account info, I’d bounce their asses through a couple url forwards and plant them on the real site’s login error page. They’d think that they simply mistyped something (Yay! Irony) and reenter their info. In other words, I’d steal their login info, they’d never be the wiser, and Walmart would have no idea why people kept going directly to their login error page. I’d go into more details about how to pull this off without getting caught, but I’m not looking to draw a road map to success for any would-be asshats.
Don’t even start in with that lame “you couldn’t do anything with just the account numbers and expiration dates” nonsense. Even if I didn’t log into the accounts to get their names and whatnot, I could cash in on those puppies. And if I wanted to be super evil about the whole thing, I could add a field for their PIN numbers on my fake login page and literally cash in on those card numbers at ATMs. It ain’t no thang but a chicken wang to slap card numbers on some blank cards.
Trashing Walmart’s Brand
If I was a disgruntled ex employee, hated Walmart for “shutting down my business”, or simply wanted to screw with them for having bathrooms that smell like piss there’s a ton of stuff I could do with those domains. Slap visitors in the face with some hardcore gay anal porn, post anti-Walmart propaganda, redirect all the traffic to Target’s website, etc… Uncle Buck and Aunt Charlene couldn’t care less about all the technical details. They’d be “madder than hell” at Walmart if they got their eyes full of two grown men playing hide the submarine when they “went to Walmart’s website”.
Lining your pockets when outright theft isn’t your thing
The last option worth mentioning is what most likely would have ended up on those domains if I hadn’t grabbed them. Domain squatting (call it “cybersquatting” if you must, lamer) is a very real business in the gray market. Lame-tards register tons of domain names and typo domains and slap domain parking pages up. Typically, these pages are plastered wall-to-wall with text ads related to the domain name. Whenever someone visits one of these pages and clicks an ad, the owner of the domain makes anywhere from one cent to a couple of bucks depending on the page’s niche / ad type. Since credit card / financial ads pay well, the domains I have would be perfect for this.
Using the domains in such a fashion is pretty much harmless to the real site that you’re leaching off of. Uncle Buck will likely get that goofy look on his face as he clicks an American Express ad in hopes of finding Walmart’s site, but no kittens will be harmed. Regardless, there’s no excuse for a large company to allow douche-nozzles to be leaching off of them in this way. There are legal steps that can be taken to get domains from such people.
So, who’s at fault for this crap?
The only reason I’m picking on Walmart is because their site is new and I happened to see that news report. Tons of other companies are equally retarded when it comes to this stuff. Capital One, Discover Card, and countless others currently have lame-tards making money with domain parking pages sitting on the “www” prefixed versions of their domains and other typos. And, Walmart people aren’t the geniuses behind the Walmart Money Card. Their cards / website is all being taken care of by a third party: Green Dot - hereinafter to be known as the people Walmart is pissed at for making them look like retards.
The guys who should be blamed the most for this kinda stuff in general are the domain registrars: GoDaddy, et al. They should have systems in place to flag all domain registrations that have a trademarked name in them or begin with “ww” so that they require human review before the would-be owner gains possession of the domain. Domains like almartmoneycard.com would slip past such systems, but simple shit like this would still help out overall internet security health a bit.
I shit you not… After registering the “www” prefixed domain there was an issue. After setting up the DNS to point at my server space, it never resolved (started working). My host guys said that it was a “problem at the registrar level”, so I had to call GoDaddy to get it straight…
Which domain are you having these problems with?
W-W-W-W Yeah, four W’s… And then A-L-M-A-R-T-M-O-N-E-Y-C-A-R-D dot com.
So, it’s three W’s and then Walmart Money Card dot com, right?
Yup.
Can you hold on one minute for me?
Sure.
*totally expecting a manager to get back on the line and drill me about my planned use for the domain*
Hey, Mr. Williams… It looks like a server-side issue. Everything is working fine on this end.
That’s a paraphrase but I swear to strippers and one dollar bills it went down just like that. Shame on you GoDaddy. Oh yeah, please don’t screw with my domains over this blog entry :P
Ultimately…
It doesn’t matter who’s really to blame. When you have an international brand / image and customers to protect, whoever people perceive to have screwed up is responsible. So, I repeat…
Dear Walmart: Your online security blows.
P.S. You can’t have the typo domains that I registered. Sue me, I dare ‘ya. The next thing I’ll teach you about is a neat little thing called “fair use”.
Related Articles
16 brave souls have commented on this post
Gotta love walmart. Glad you brought this up. Maybe I will send it to my aunt who is a complete fucking retard online and will probably have one of these things. All hail the holy white trash discount store.
having deep Wal-pockets, they deserve all the shit that can be thrown at them!! Uncle Buck and Aunt Charlene were always
my least favorite relatives anyways, ‘cuz they’s so dumb!!
Thats Wal Mart for ya. They don’t give a crap about thier customers
That article was super awesomesauce!
Very informative. I’m thinking of opening a side business now. Thanks L! (just kidding..)
GAO publishes a list of four major challenges
sometimes I wonder about basic awareness too. :O
http://www.fcw.com/article103301-07-23-07-Web
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201200774
http://www.linuxelectrons.com/news/general/10857/cybercrime-poses-challenges-government-industry-says-report
http://www.gao.gov/new.items/d07705.pdf
wonderful…simply wonderful. now down to brass tacks. YOU have something very unique that very few people will ever posses in their lifetimes. a slight bit of power over walmart. sure, it’s not going to crumble their empire of raped/discount kittens, but still, due to the evil evil things that one can do with these, it could turn into a nasty little p.r. nightmare that they probably don’t want to deal with. if it were me, i would make them PAY for them(to charity that is, preferably something Jewish) or even better…a sizeable donation to help form undeveloped walmart labor unions. and if they don’t want to pay, fine. i guess you’ll just have to raise the money for fighting Jewish autism yourself…by auctioning the adresses off to the highest bidder. walmart better hope that the person who won the bid shared the same code of ethics as you.
You should post some anti-Wal-mart info.
If that’s the worst thing that happens to them behind this,they’re gettin’ off easy.
Walmart sucks! And heres just another reason why. Thanks for the info.
Very good information, and thanks for posting this. I don’t shop at walmart anyway, but this is good information for those that do, in terms of visually seeing the potential dangers and making themselves aware.
Sharia
LoLo is actually helping Walmart for free (if you ignore the cost of registering the typo-sites) and all of us can attest at any court of law that his intention is nothing but good. The jury will agree with us as the “innocence being wrongly accused” case would be too obvious even for them. Moreover we will campaign for LoLo and against walmart. Bring it on!
I wish Wal-Mart would just die! WM has completely f***ed-up our qualities of life by their low-to-middle-class marketing of Chinese bulls**t, and taking all our tax base dollars to Bentonville, Arkansas. Stay on their ass, Lo.
So, I’m wondering, how many page viewws are you getting on your misspelled walmartcard sites?
Re Mike:
It’s hard to say. By posting this blog entry I’ve screwed up any real stats and the almart one was registered the same day as the entry. The www prefixed one was getting 1 - 6 visits per day before this entry. It’s safe to assume that number will go way up as these cards get into the hands of consumers.
Hi Man your to cool , i like that i”m a SCAMMER myself i work hard at it , sofar i work alone but you make me think , . anyway i love walmart where else can you go in spend all night looking around at stuff and eating up the stock lots of time i reprice something i want but cheeper , or put on a new pair of shoes and socks ball cap , etc,,, hell i even help myself to some icecrem , yes i do love wallmart , email me and lets do something evil , jonjon
Thank you so much!!!!!!!!! I’m One of thoes fast typers that could have very eaisly fallen prey to some son of a bitch that would rather steal my hard earned cash than get a real job. I really appreciate your online wisdom. you are really a true american with true american values unlike Walmart!!!!thank you again and as far as wal mart goes, the card never got activated. They can kiss my ass!
Speak Your Mind