FAKE Revenue ScreenShots

[3Six]

sdavis, yes, it's the stupid buyers. As I said earlier in the thread, they should learn their lessons and move on. Fake screenshot do a good job of weeding out the weakest buyers who think any idiot can make money online by buying a website (thanks partly to all those "flipping" ebooks out there).

[pchoward]

To prevent flippers from posting fake revenue screen shots, you have to eliminate the people who will actually pay for it. (and that's not going to happen) Remember... they don't do it because they just simply have a bad habit of doing it. They do it because it makes them money. Raising awareness won't do a thing.

Sitepoint can raise awareness if they wanted to by warning of this and other fradulent activity. Yes, its already on the radar of active flippers, browsers, buyers but someone new to the marketplace may have no clue. Thats where sitepoint should raise awareness and educate the buyers similar to the way ebay does. As it is, they let these scammers come in and take no accountability for it.

[felgall]

Since it is impossible to tell a fake from the real thing the whole concept of looking at data from screenshots or videos of screens is flawed.

[pchoward]

Agreed that it is impossible to distinguish between a halfway decent photoshopped screenshot of some numbers and a legit screenshot. But it should be possible to prove a legit paypal logon by verifying the ssl cert. You can fake the url with hosts files and even put a fake cert on that but the fingerprint would be a giveaway.

[felgall]

Agreed that it is impossible to distinguish between a halfway decent photoshopped screenshot of some numbers and a legit screenshot. But it should be possible to prove a legit paypal logon by verifying the ssl cert. You can fake the url with hosts files and even put a fake cert on that but the fingerprint would be a giveaway.

Who said a fake screenshot required photoshop?

Just use the hosts file on your computer to point any domain at localhost and you can display your own fully faked version of any web page in any browser on your own computer and show it to someone in real time with their not having any way to tell it is faked unless you do something that makes it obvious. Also if you are showing it to someone then how are they going to see the certificate unless you show it to them (and a self generated certificate would probably get past all but the most security knowledgeable of buyers since you'd add yourself as a root authority for the browser so it doesn't complain about certificates you create).

[pchoward]

Who said a fake screenshot required photoshop?

Also if you are showing it to someone then how are they going to see the certificate unless you show it to them (and a self generated certificate would probably get past all but the most security knowledgeable of buyers since you'd add yourself as a root authority for the browser so it doesn't complain about certificates you create).

That does raise the bar in fakeness Screenshots are out..

During a live screen viewing session, a prospective buyer should require the presenter to display the certificate details during the presentaion along with other methods of verifying authenticity. It does get beyond the average users knowledge of security but thats where raising awareness and education come in. Would be a good topic for someones blog or sitepoint article.

[felgall]

That does raise the bar in fakeness Screenshots are out..

During a live screen viewing session, a prospective buyer should require the presenter to display the certificate details during the presentaion along with other methods of verifying authenticity. It does get beyond the average users knowledge of security but thats where raising awareness and education come in. Would be a good topic for someones blog or sitepoint article.

If the person sets themselves up as a root certificate authority in their browser then they can produce a certificate for their fake web site which when viewed on their computer looks almost identical to the real certificate on the real site (you'd have to have them both open at the same time and compare them carefully to see any difference). Unless the seller gives you the password to their account so you can login and see the revenue for yourself on your own computer there is no way that you can easily detect that the session you are watching from their computer where they log in and show you their revenue is not using a faked copy of the site on their own computer with a faked certificate.

The only protection you have against this is that setting it all up would take a certain amount of the sellers time and so they are not going to bother doing it for a site they hope to sell for a few hundred dollars. A few thousand dollars is a different matter.

[3Six]

Sitepoint can raise awareness if they wanted to by warning of this and other fradulent activity

Sitepoint should do no such thing, and I don't believe they will.

Stupid people should pay for their stupidity. Protect them from themselves by shielding them from some cons and they'll just go fall for other cons. We'll just be making them more stupid, and that's a dangerous road because it goes on and on.

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." Albert Einstein