How a Website Exploited Amazon S3 to Outrank Everyone on Google (blog.usejournal.com)
The way I see it, you only search for coupons once you see a product at a retailer and you want to buy it (or even once you already have a shopping cart built up, and are on the checkout form where the coupon field is). So the retailer already acquired you as a customer, and you're ready to checkout. Most likely you'll end up checking out anyway even if you don't find any valid coupons (which is what's currently happening, since most coupons don't work anyway).
So why are retailers still paying out affiliate revenue in this case? They have the customer already. This shady affiliate doesn't bring them anything they didn't already have.
They can easily fix this by only paying out affiliate revenue for actual, legitimate affiliates, those that brought you a brand new customer. If the user already spent time browsing your website and built up a shopping cart, don't pay out affiliate revenue even if they do end up clicking on an affiliate link after.
The people who are working at these big legacy retailers in 2018 tend to not be very sophisticated about online marketing. I'm being polite with that understatement.
So nobody calls out the marketing departments on this because there is so much political BS going on anyway as everybody is scratching and clawing for their piece of an ever shrinking pie.
I worked in a similar situation and I wanted to stop working with these coupon sites for the obvious reasons you pointed out. I got overruled by higher ups and I later came to learn that my complaints about this practice were a career limiting move.
They just want to be able to take credit for driving a ton of sales even though everybody with half a brain realizes they are not generating new sales. They are simply cannibalizing the business because the vast majority of the time these people would buy at full price anyway if their Google search never turned up a coupon.
For example, talk to anyone running Google AdWords campaigns, they’ll tell you about “branded” vs “unbranded” search terms, and how you should treat them all as one big bucket. They’ll say the unbranded terms generate demand, while the branded terms are the “closers.” This is PURE BS. “Branded terms” are literally someone searching for “Jira”, clicking the ad that takes you to Jira instead of the top non-ad link right below it, buying Jira, then saying “they bought it because of the ad.” Unbranded is people searching for “issue tracking software”, seeing a Jira ad, clicking it, then buying. That’s legit, but likely the CAC for unbranded is like 2-5x the LTV of the customer, and totally not worth it. But if you lump it together with the “branded” ads (people literally searching for your exact product, and randomly deciding to click the ad over the legit search result right below it), the CAC looks great. Marketing is FULL of BS like this.
My wife installed a plug-in on our family computer that looks up coupon codes for you at checkout time. But often they don't work, so I don't even bother with them. To me, that suggests that even if it's 'easy' to find the coupon codes, the coupons still work as a form of price discrimination.
What's their opinion of Apple, for example? Would they operate the same way there?
Since they can't cookie stuff on us to make money they are just trying to get additional eyeballs for ads by organically ranking for anyone searching for a coupon for my brand.
I think that's quite an assumption. I have no data either way, but personally I'll rarely make a spur of the moment purchase without something pushing me over the edge. Those £60 sneakers? Pass. Those £60 sneakers with 20% off? Yeah, ok then.
How often do you find that those £60 sneakers were "on sale" for 20% off on one site, while being "full price" at £48 on other sites?
It's pretty common for me. There's much less variation in the price something is selling for than in the amount of "discount" you're supposedly getting.
I usually open a private window to mitigate them doing something less than super sophisticated.
In my case, I can often get the same item (or similar quality item) for same or near price, I value the extra points a retailer that participates through the affiliate program provides, and I choose that retailer.
Not so easy. New customers like to shop with coupons too. There's certainly no guarantee (or, in my opinion, even a likelihood) that only awarding affiliate commission for new customers would rule out coupon purchases. I personally always scout around for discounts and coupon codes before shopping anywhere - it has nothing to do with whether it's my first purchase or not.
> If the user already spent time browsing your website and built up a shopping cart, don't pay out affiliate revenue even if they do end up clicking on an affiliate link after.
I think this makes more sense without the "even" word. Also, if the link was clicked on before the cart was built up, a commission would be in order.
Besides, even if like you said a user is ready to buy something, there could be better coupons from rival retailers which bring the user to the site and look for the same product. Isn't this what a lot of retailers want? Using better coupons to bring users from competitors' sites?
There are many other scenarios; not considering those and just making the decision is really bad.
That said, affiliate networks expend a huge amount of resources into convincing retailers that coupons bring incremental sales. Reason being, it gives them an opportunity to plant cookies with every sale the retailer makes, not just those driven by a legitimate affiliate.
You could say sales do the same thing, but online sales are so overused that I personally disregard them because I figure the store will have another fake sale soon anyway.
Coupons allow you to selectively target price-sensitive customers with lower prices, resulting in better matching of your price to buyer's willingness to pay.
Regardless, most likely there are links involved, and there may actually be canonical tags involved, as well. If there are links involved they're most likely hiding them from link crawlers like ahrefs and Majestic.com.
I'd put my bet on links (that are hidden), link ghosting, or cross-domain canonical tags.
It's not "just because it's on the Amazon domain". If domain authority existed, we'd see sites on Google sites, Business.site rank--and they don't.
Not that I condone it but the sheer ingenuity can be appreciated.
Finally, someone has openly spoken about it, instead of exploiting it a bit more!
The S3 page has all links go to promocode.org https://s3.amazonaws.com/walgreens-photo-coupon/walgreens/in...
When you click on that you get redirected to promocode.org where you get re-prompted to click on the promo code and that's where the cookie promo gets tacked on the walgreens website.
I understand that amazonaws.com is a highly-ranked domain. What part of this process makes this particular s3 webpage rank up in search algorithms though? At the end of the day don't you need lots of _direct_ inbound clicks and links to this specific s3 page for it to rank higher?
The only way I see this working is if _indirect_ clicks of the entire domain count towards the ranking of this specific page -- that doesn't seem right though.
edit: looks like the paragraph above describes the concept of "domain authority" so that's probably the answer
> Imagine Usain Bolt looking back as he runs the 100 meter dash and seeing you covered in sweat, screaming up behind him. Imagine the look on his face. That’s my face when I saw this page went from total obscurity to top ranking for “g2a discount code” in one month and generating an estimated 30,000+ visitors to that one page.
Really effective use of imagery. I love how he directs your attention to think about Bolt’s face, which is easy to imagine.
The main idea of the post doesn’t seem to be related to social engineering, though. Sorry for the confusion, I should have clarified.
When you click the "show coupon" button, two things happen:
1. A JavaScript "click" event is triggered (in coupon.js) and executes: window.open(https://www.promocodefor.org/promo/walgreens/walgreens-photo...) This opens a new tab at this url, this page shows the fake coupon code.
2. Since the button is an <a> tag with href="https://www.promocodefor.org/go/pcfc833699cf9ddea03", the current tab navigates to this url
Then you follow 7 redirects (code 302) to pages owned by https://skimlinks.com, who redirect to pages owned by https://www.conversantmedia.com, who finally redirect to https://photo.walgreens.com/store/prints?tab=photo_Promo1
It's basically an affiliate link to walgreens.
The question is how did https://s3.amazonaws.com/walgreens-photo-coupon/walgreens/in... rank so high in Google? Just because it's hosted on amazon doesn't make sense. There is a trick that we don't know.
I think it's hosted on Amazon S3 just because it's very cheap hosting, since the site is a single .html file
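Added example, not part of the thread or any commenter's code: a small checker that takes a recorded redirect chain like the one described in the comment above and reports whether it is an affiliate hand-off (start site, through a known network, onto a different merchant site). The hop format, the function names and the sample capture are assumptions; only the hostnames, the /go/ URL and the final Walgreens URL come from the comment.

```python
from urllib.parse import urljoin, urlsplit

# Intermediaries named in the comment above. A real review would use a
# maintained list; these two are the only ones the thread identifies.
AFFILIATE_NETWORKS = {"skimlinks.com", "conversantmedia.com"}
REDIRECT_CODES = (301, 302, 303, 307, 308)


def site(url):
    """Naive registrable domain (last two labels); enough for the sample hosts."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def analyze_chain(hops):
    """hops: ordered list of (request_url, status, location_header_or_None).

    Returns the redirect count, the distinct sites traversed in order, which
    intermediaries are known affiliate networks, and whether the chain is an
    affiliate hand-off: it starts on one site, passes through a network and
    lands on a different site.
    """
    if not hops:
        raise ValueError("empty chain")
    sites, redirects = [], 0
    for i, (url, status, location) in enumerate(hops):
        current = site(url)
        if not sites or sites[-1] != current:
            sites.append(current)
        if status in REDIRECT_CODES and location:
            redirects += 1
            target = urljoin(url, location)  # Location may be relative
            if i + 1 < len(hops) and hops[i + 1][0] != target:
                raise ValueError(f"hop {i + 1} does not follow hop {i}")
    networks = [s for s in sites[1:-1] if s in AFFILIATE_NETWORKS]
    return {
        "redirects": redirects,
        "sites": sites,
        "networks": networks,
        "landing": sites[-1],
        "affiliate_handoff": bool(networks) and sites[0] != sites[-1],
    }


# Constructed capture. The intermediate paths are placeholders, and so is the
# way the seven 302s are split between the two networks.
SAMPLE = [
    ("https://www.promocodefor.org/go/pcfc833699cf9ddea03", 302,
     "https://skimlinks.com/hop1"),
    ("https://skimlinks.com/hop1", 302, "/hop2"),
    ("https://skimlinks.com/hop2", 302, "/hop3"),
    ("https://skimlinks.com/hop3", 302, "https://www.conversantmedia.com/hop1"),
    ("https://www.conversantmedia.com/hop1", 302, "/hop2"),
    ("https://www.conversantmedia.com/hop2", 302, "/hop3"),
    ("https://www.conversantmedia.com/hop3", 302,
     "https://photo.walgreens.com/store/prints?tab=photo_Promo1"),
    ("https://photo.walgreens.com/store/prints?tab=photo_Promo1", 200, None),
]

if __name__ == "__main__":
    for key, value in analyze_chain(SAMPLE).items():
        print(f"{key}: {value}")
```

A merchant can run the same check over chains reconstructed from referrer and affiliate-click logs to see which paid conversions arrived through a coupon page rather than a genuine referral.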
i mean i know it's all about consumer surplus, but all walmart knows is that someone on the internet wanted to get a discount, did not get it, and now walmart pays random SEO cash. They lose margin, the buyer is frustrated cos they paid full price, and walmart knows nothing about surplus because the client paid full price - no differentiation no price signal.
how is walmart winning here?
I really wonder why deleting all the cookies for a given website as soon as you close it isn't the default behavior and not even a built-in option in web browsers. I use Vanilla Cookie Manager in Chrome to make it work this way.
Probably because users would find it annoying to have to log in to all their websites again.
The sad reality is there's not much point in having privacy features if nobody uses your browser so there is a balance to be struck.
> Seth Kravitz is the CEO of PHLEARN, the world’s #1 Photoshop & Lightroom training company online
wow. i guess CEOs of any online company have to have deep deep understanding of SEO these days. and what better SEO than blogging about things unrelated to your company! as we just saw a few days ago from 3byte.
This is so phishy. Doing a landing page on Amazon S3 and having all the links redirecting to your real website.
I'm starting to wonder if shady SEO marketing companies aren't already doing this to promote their "clients".
I hope the Google SPAM team will do something about it.
now everyone's going to try that and it stops working
but then people are going to start naming their s3 buckets amazon-
Each page of a site doesn't need a ton of links to that specific page to rank, just links to the site in general (site being root link plus subdomains).
That's typically why blogspot-type services give you a subdomain, and not a page on their main domain.
It's been known about in SEO circles for a while[0], will be interesting to see if things change in the next major Google update.
[0] https://www.blackhatworld.com/seo/how-to-get-backlinks-from-...
No idea. The article basically ends with "I'm not sure exactly how this happened so I'm going to talk to some experts". A bit of a letdown, tbh. I was waiting for the big reveal!
Not quite. Notice that when you click "Show Code" (the first click), a new window is opened and the existing window is redirected to Walgreens.com. All the action happens on the first click.
It really depends on how you define site authority.
As the article you cited states:
“I am just labeling that unknown multiplier effect as a trust factor, that’s all.
That’s a realistic definition of Site Authority, as a catch-all for all the quality signals that Google uses in its core algorithm.”
At least in the early 2000s having a page on a high authority (however you define it) domain automatically guaranteed higher rankings.
So even today, it is pretty much impossible to outrank wikipedia on some mundane (non SEO worthy) topic even when wikipedia article is more basic, has less inbound links and even cites the more substantial article which is based on some random "low quality" domain. Obviously citation needed here...
I'm sure they wish we'd forget PageRank ever existed too.
This is like saying "Most people who watched the TV ad didn't buy anything, how is Walmart winning?"
The age old saying is that you know half of your marketing budget is wasted, you just don't know which half. It still applies now even if you can track users.
if i turn up at the till with coupon clipped from the tv guide, then putting coupons in the tv guide is a viable channel to reach me
if i turn up with a cookie from whichever SEO happened this week to be on top for "gardening gloves", but there is no legal coupon just a cookie, then what has walmart learned? that google is a channel ? it's too big to be useful
But affiliate marketing as a whole is one of the shadiest internet industries. The coupon thing is one of the many tricks in the book to get your cookie everywhere and earn $$ without providing any value.
There's an awful lot of fraud like that but somehow the benefits seem to outweigh it because the industry is still alive and kicking.
Having seen numbers for some affiliate channels, my guess is that it's probably grossly overvalued but people still buy into that because the numbers look good, from afar, especially if you compare them to Search or Social. But the pricing model (CPA > Cost per Acquisition / Conversion) is different so I guess both sides are fine with that.
It's a mouse and cat game that is the usual playbook between the "good guys" and "bad guys", as you'd see in security, pirating, etc ...
---
Also, this is hardly a secret but it's actually really hard to properly estimate the ROAS / ROI of advertising in general and most of it is like a black box.
You pour some money in, get more money out if you play your cards well. Maybe you nailed your strategy and execution, maybe you'd still have made the same money without advertising.
They can identify and cancel those SEO accounts and deny payout. Meanwhile, the real advertisers have lost their cookie and don't get their deserved payout.
I totally agree. And in all of those cases, the page that is on that "high authority domain" has INTERNAL LINKS from other pages of that site. The site has high authority because other high authoritative links point to that site. And that site links internally to that page. That's why that page ranks.
That's completely different than having an orphan page or an "orphan site" (a set of orphan pages) that are on a highly authoritative domain. Just because those orphan page(s) exist on an "authoritative domain" doesn't mean that it will rank. Even 10,20 years ago that was the case.
In the case of this AWS site, the Amazon S3 page(s) that rank, they're orphan pages. I may be wrong, but if you go to the home page of that amazon domain, you can't click through to the page or pages that are mentioned in this original post.
Just because the orphan page(s) or orphaned "site" is on an amazon domain, doesn't give it ranking power--because "domain authority" doesn't exist.
This guy didn't catch any link with ahrefs but I was unable to rank properly without them. When I say links, I mean more than just links for getting it crawled.
So you still have to spend money/effort in it, sorry.
Also since it's been published here, any edge that you could get is over. It's going to be badly abused.
"Shopping cart abandonment" is a specifically targeted "thing", and it's not unusual to get emails "reminding" me that I "forgot" that last crucial step of actually transacting.
Edit: It can also work the other way though - I've decided I'll purchase, see a coupon code box and think I might as well check (when I wouldn't have thought to otherwise), and ended up paying half the price (it was a monthly service though, and it made me less likely to cancel it when I wasn't using it as much, so they probably won in the end).
Anecdotally, there's been cases in the past where I see a product as valuable but overpriced, and a coupon makes the difference between a sale and a pass. I will go to the checkout screen with the product to try some coupons and see if they work, not having yet made the decision to proceed with the purchase.
On principle I'm usually okay with rewarding diligence and thoughtfulness, but penalising those who lack the ability to perform this diligence and thoughtfulness may not be the best thing in this case.
I wasn't making any comment on the social good of price discrimination. I agree with you that some pricing strategies (buying in bulk, buying without loans/interest, rewards cards, etc) may tend to reward the wealthy. But that wasn't related to the point I was trying to make. I was trying to say that coupons seem like they could still be a useful marketing strategy for improving companies average margins per sale.
You are right that it isn't that much effort to try it. I find it annoying because they never seem to work for me. In a world where our behavior is closely tracked, I have come to wonder if the coupons don't work for me because some algorithm has figured out that I don't care.
Which actually takes things full circle from the original comment I was responding to: I wonder if online coupons are now so sophisticated that they can _only_ be offered to the price sensitive. If so, I suspect even more strongly that they are still a good/relevant marketing strategy.
> Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
The psychological manipulation in this case is getting people to click a button because they think that it will show them a coupon (and therefore save money), when in reality it does no such thing and instead puts a cookie in their browser.
The definition you copied is vague but includes the key phrase "in the context of information security". The coupon code sites are just scamming people by wasting their time (and primarily, scamming the retailers). It's essentially just fraud.
If this were in an infosec context (clicking something that pretends to be legitimate in order to gain some benefit), it'd be closer to phishing.
https://www.blog.google/products/g-suite/totally-rebuilt-sit...
I would argue that it does.
I spent 3-4 years deep in the blackhat SEO world - it was my living, and it almost completely was dependent on free subdomains because they ranked _so much better_ than fresh purchased domains.
Let's use a real world example.
Insert free dynamic dns service here - you create a subdomain on one of their 25-100 domains, provide an IP address for that subdomain and.. voilà, spam site.
So let's say we've now got spam-site-100.free-dynamic-dns-service.com - its A record is pointed to my host, I'm serving up super spammy affiliate pages on it. I don't build links to it, that takes too much time and investment... instead I just submit a sitemap to google and move on.
That's the short story. The long story is that I built hundreds of thousands of these sub domains for each service of this type I could find, on every one of the domains they made available. Over the course of time it became clear that the performance (measured in google search visitors) was VASTLY different based on the primary domain... to the point that I stopped building for all of them and focused on only a handful of highly performant and profitable domains.
I eventually stopped all of this because it caught the attention of some of the major retailers - I was outranking JCPenney on their own products on subdomains/pages that had only been published for a couple days. They contacted my affiliate programs, you can imagine where that led. (I don't want to in any way impress that _every_ subdomain or page ranked that well - but it happened enough that it caused serious problems and I left the spam SEO world)
If domain authority is a myth, 1) why did my pages ever get any visitors with no links? 2) Why was the performance so vastly different dependent on the primary domain?
Also - this is still the case today. I'm still in Skype group chats with people who are still doing this same thing. It's always a cat and mouse game with google's spam team, but at the end of the day the same stuff still works.
This is becoming even more true post an August update that seems to focus on "brands" (i.e. trusted domains), especially for medical, health and money related keywords.
Is that really the case now? It's been 3-4 years since I was involved in SEO, and it was very much a thing back then.
"No SEO will ever point to a Google patent or research paper to justify the idea that a Site/Domain Authority exists. Wikipedia has published a page about Domain Authority and the footnote links do not cite a single research paper or patent by Google. Not one. According to the footnotes, Wikipedia’s information is largely based on blog posts by SEOs. There are no links to anything official from Google."
The Googlebot patent 8,042,112 does describe the existence of a "boost" factor when prioritizing crawl.