I'm an idiot. I just gave money to kinda-scammers, not the US government

38 points| ohwellmaybe | 2 years ago

Ok, so hear me out. And may this serve as a warning. I'm technical and usually fairly well-prepared, but still...

Mistake #1. On a Friday evening I decided to quickly settle things out for my upcoming travel to the USA in a little over a week (I'm a Dutch citizen, living in the Netherlands). Friday evening. After a very hard week and lots of travel. Very tired. Idiot. https://imgur.com/a/lmsaM48

Mistake #2. I google ESTA, and click on the first link that looks legit because it has something that looks like an official US Gov seal etc. I don't check the domain or that it's under the sponsored section. Idiot.

Mistake #3. I land on a website that looks exactly like what I expect a gov website to look like. Official badly designed form. But it's not too terrible. So I'm positively surprised. It's asking lots of questions. I don't look at the fine print. I start filling in the details. Idiot. https://imgur.com/a/b7kIoVn

Mistake #4. I fill everything in, upload my passport etc. Pay with a credit card (hey, I didn't forget to check for https!) IDIOT!

I receive an email with a confirmation. It doesn't have the $ paid. And I need an invoice to claim expenses as it's a work trip. That's when I start looking more closely and the penny drops.

I hope they just charged me 98 dollars instead of the official 21. That would be a fair price to pay for being an idiot.

But they have my passport details and all. Which is highly unsettling. I'm still wondering whether I need to go change everything immediately.

I'm mostly angry at myself for being an idiot, but also a little bit at google for allowing this shit. I guess what they are doing is not technically illegal (charging people 70 bucks for resubmitting their form). So it may be hard to pin down from a legal standpoint (assuming they don't sell your data). But still... prioritizing sponsored links when people are clearly searching for government websites seems like pure greedy evil. Meh.

P.S. THIS FRIDAY KEEPS GIVING Mistake #5. I post it here with a throwaway account ONLY TO REVEAL MY NAME in the Dropbox links (since changed to imgur). COMPLETE IDIOT! This day shall be celebrated as my personal idiocy day for many years to come. What else have I f*cked up?

48 comments

ohwellmaybe|2 years ago

Ok friends, I have an update. They emailed (and SMSed!) me back asking for more details. The questions were legit (regarding my previous citizenship etc.) But I used the opportunity to ask them to cancel my order. Within 10 minutes got a reply back that the order was canceled (no questions asked) and indeed the reservation on my credit card is gone.

I can see similar stories here (i.e. when asked to cancel they cancel and give money back): https://www.trustpilot.com/review/www.usimmigrationsupport.c...

Just for me to sleep better tonight, I shall interpret this as a confirmation of the theory that this is not a scam-scam, but just a business set up to trick idiots like me. And once they see that you realize - they just cancel in order to avoid confrontation. Cheaper and easier.

bombcar|2 years ago

You were lucky. You fell to a legal scammer vs an illegal one.

The trick with a legal scam like this, is to bend over backwards if anyone complains - which they did.

An illegal one and they'd milk you in every way possible.

By the way - posting about it is a great way to save yourself if it were an illegal one; because the illegal ones want you to NOT communicate about it, and use the shame of making a mistake to encourage keeping it secret.

advisedwang|2 years ago

Google is literally getting a cut of these scams through their ad revenue. Google should be responsible for preventing scams being able to buy their way to the top of the search results.

smsm42|2 years ago

Yes, and they are likely very good customers - because their whole business depends on being very high in search results, so they are willing to spend a lot on it. Looking as they are basically charging a markup on a service that somebody else (the government) provides, they are probably willing to share a much bigger part of their revenue with Google than a legit business would.

carlosjobim|2 years ago

And Meta for all the fraud and scam ads on Instagram and Facebook.

People are getting all worked up about ridiculous antitrust stuff, while everybody is ignoring that Google and Meta are making billions of dollars of profits from outright organised criminal activity, which these frauds and scams are.

beej71|2 years ago

I wonder if Kagi would have been better or if it also had the bad results first.

snorkel|2 years ago

Yes and me too! I fell for the same gov-looking web site scam when renewing a passport in a hurry, courtesy of Google paid search rankings.

Do no evil, but how about earning money from evil doers?

adrianmsmith|2 years ago

Yes, Google either don't care about scams, or they actively encourage them because they get a cut. Google are not the good guys here.

I regularly see scams on YouTube, e.g. an advert showing a video of Elon Musk explaining how he's going to give money away. Unambiguously a scam. I report the adverts, they are fine, according to Google. https://twitter.com/adrianmsmith/status/1727623865952514493

etrautmann|2 years ago

This happens for flight changes and cancellations as well. Search will surface numbers that purport to be the company, but are a third party that charges insane overheads to rebook or update your travel.

skhunted|2 years ago

The market, both illegal and legal, has gotten very good at taking advantage of us during our moments of non hyper vigilance. No one can be vigilant at all times. Eventually you will be taken advantage of by someone.

Loughla|2 years ago

It's tax season. If you Google free tax usa, the second ad is a phishing scam.

FUCK Google.

ordu|2 years ago

> I'm an idiot.

Psychologically speaking it is not a right attitude. Martin Seligman[1] would call it a personal, pervasive and permanent causal explanation which is worse than bad.

> Very tired.

Much better. Still personal and pervasive, but not permanent. It assumes the possibility of a change.

> I don't check the domain or that it's under the sponsored section.

Even better. Still personal, but very specific.

> This day shall be celebrated as my personal idiocy day for many years to come.

Humor is good, but I think you need to just stop and relax and ask yourself the most important question: why does all this happen in such a succession? What can you do to avoid piling mistakes like that in future?

I experienced something like that, and for me it was an urge to act immediately that made me pile one mistake on top of another. I think it is the fight or flight response. I've learned to detect such mental states and to slow myself. The fight or flight response is driven by hormones, so if I manage to show my mind that I'm safe and to keep this mind state for 10 minutes, then my body cleans up adrenalin with friends from my blood, and I return to a normal mental state, I can think straight, do not make more mistakes than is normal for me, and so on.

To make myself feel safe I normally try to imagine the worst outcome and accept it like it had happened already. The body tends to overreact to bad events like they are life-threatening, but they aren't. So accepting the worst (which is not a death or even nearly as bad) allows me to spend 10 min drinking tea or talking to a friend, and then I'm me again, not some panic-stricken idiot.

I wonder how people manage this when their profession requires fast reaction times, when they have no 10 min to deal with a sudden attack of hormones. Some heuristics and rules of thumb ingrained by learning, I presume.

[1] https://en.wikipedia.org/wiki/Learned_optimism

xandrius|2 years ago

Mistake #0 not using an adblocker which removes "Sponsored" results.

ohwellmaybe|2 years ago

YES! which one would you recommend?

the__alchemist|2 years ago

This is similar to scams you face when registering for a small business in some (all?) US states. Official-looking compliance documents physically mailed, and emailed. The gist is the same: They shadow official forms, with a large markup. There is always fine print explaining that they are not associated with the state etc, but their business model is to fool their targets into thinking they are a state agency.

There's a similar scam for UAV registration.

danpalmer|2 years ago

This is a common "scam", there's an equivalent for many countries. I say "scam" because the service these companies claim to provide is an easier, guided process to apply for things than the official process. And, sometimes, for some people, maybe that's true.

If you're an EU citizen travelling to the US, that's kinda playing on easy mode, and the value add here is clearly so low that the $70 feels like a scam. If you're a citizen of another country with more complex application procedures, it could be trickier (although unlikely to warrant $70). If you're a less technically literate user and they have an easier to understand process, maybe it's worth it? I don't want to make that judgement call.

It is highly unlikely that your passport details are going to be sold on. It's somewhat likely that your email address will be sold on to advertisers. It's fairly likely that you'll get upselling emails for other services they provide, although you should be able to GDPR them. The aim is the $70, not to steal your identity. The business model is to be technically-not-a-scam, legal, and therefore not something that advertisers realistically can de-list. It sucks, but thankfully you're only out $70, and you'll probably be able to expense it, just don't give your work too many details about what it is.

13of40|2 years ago

The same sort of "scam" has helped me immensely in getting visas from countries like Russia and India, where the official process seems like it's geared toward supporting a cottage industry for third party agencies. For India in particular, doing it through the official web page required things like fitting a 100 character street address into a 40 character text box (or you get an error and it's back to square 1), trial and error to figure out what they think a valid date format is, etc. There was even a whole side quest around an alleged alcohol consumption license from Maharashtra State that featured prominently on government websites but no Indian person I knew had ever heard of.

So yeah, I think you're spot on, and this is just spending a little extra money to make the process easier, but it's just not super useful in this case.

marcosdumay|2 years ago

> If you're an EU citizen travelling to the US, that's kinda playing on easy mode

Whatever country you are traveling from, the procedures are the same. The only variation is if you need a visa or not.

What changes from one country to another are the rules the US will apply to decide if they'll allow your entry or not. But that's not something you do.

Services like those sell two things, the legitimate one is knowledge of the rules. But for US entry, the rules are some 5 or so steps you can easily get on their immigration pages. If your country has an embassy, the steps will be even translated to your language. The other one is bribes, that I don't believe would apply to the OP's case. So yeah, it's nothing more than a scam.

ohwellmaybe|2 years ago

thank you. yes. that's what I was thinking too.

aednichols|2 years ago

A family member got tricked by a similar scam. They asked for a refund and ultimately got one after lightly threatening a credit card chargeback. High chargebacks cause card issuers to close merchant accounts, so they are a genuine threat.

marcosdumay|2 years ago

If you are secure you'll get the chargeback, why not go directly for it? Report the transaction to the operator as a scam.

You shouldn't be nice to people doing this.

thayne|2 years ago

On a related note, I know someone who tried installing an authenticator app for 2FA. They searched on the apple app store for such an app, they may even have searched for "Google Authenticator" although I'm not actually sure, and chose the first one. Although there are free quality apps for TOTP authentication, the first result required a rather expensive yearly subscription. Again, it isn't technically a scam, because as far as I can tell they provide a real service, but it is also clearly designed to trick unsuspecting users into paying way more for something than they should.

friendlyshadow|2 years ago

Don't beat yourself up mate.

Lessons about security should be learned, but Google is complicit in this fraud.

Most people don't expect hijacked search ads with malicious advertising. I've personally witnessed well over 200 intrusions stem from malvertising. Just be happy this didn't lead to your org being ransomware'd.

As said in the comments, use uBlock Origin, and most importantly, move away from Google. Try DuckDuckGo as the default.

Better yet, install Librewolf (built in AdBlock plus DuckDuckGo set to default)

turtlebits|2 years ago

I was just looking into TSA Precheck and stupidly clicked the first link that came up in google. It clearly went to a spam "Resort Destination" site and quickly noped out of there and reported the Ad.

I'm stupid for blindly clicking, but Google should definitely vet these clearly misleading ads.

https://imgur.com/a/U06W29f

geor9e|2 years ago

The same scam exists for DMV renewals. The first link is always a sponsored ad scammer link who charges extra to just forward your information to the real DMV. I almost fell for it. If government consumer protection agencies had any gumption they'd sue Google over it.

DanielleMolloy|2 years ago

I've had to renew my ESTA last year and theirs (the official) is probably the clearest government website I came across. Lots to read but every possible detail or outlier seems to be clearly handled. Was also processed quickly. Just saying, good luck to OP.

_Algernon_|2 years ago

Ridiculous that Google isn't being held partially responsible for cases such as this. Allowing these ads is negligent behaviour.

vitalurk|2 years ago

Hey maybe (Definitely.), you aren't an idiot and the UX of these products is sub-par/unacceptably bad. Just my 2c.

friendlyshadow|2 years ago

Also, please let me know the site. I'll report them for abuse/fraud and get the ad removed for Google

AndrewKemendo|2 years ago

Honestly it does feel like it’s getting harder to keep up with scammers even for technical people. The volume of attempts across all channels is just overwhelming

Feels like a state change recently but I’m not ready to speculate as to why

serengetti|2 years ago

I'm confused, in the end, did your documents get processed?

ohwellmaybe|2 years ago

Not yet, I think they would be. (Update: I emailed and cancelled the order, so I think they won't be)

dang|2 years ago

[stub for offtopicness]

philip1209|2 years ago

I'll delete this comment shortly, but posting here because there's no other way to let you know -

Because you posted with a throwaway account, you should know that your dropbox link is revealing your full name when people open the image.

dang|2 years ago

I assume you'll want to fix the real-name issue other commenters are pointing out, so I've temporarily buried this thread. If you fix the issue and email hn@ycombinator.com, we can restore it.

Edit: restored!

joshstrange|2 years ago

Just a heads up, looks like you made a throwaway account but your name is visible on the Dropbox link. Might want to remove those and use a different host if you care.

sergiotapia|2 years ago

I can see your full name on Dropbox dude