If you want to pressure TripAdvisor into improving security and verifying its reviews properly, please read then Tweet this post or post a link on Facebook. Shortlink http://wp.me/pS2vC-Hj
Creating a Fake ID on TripAdvisor
A Fake Reviewer
I’ve occasionally mentioned how easy it is for unscrupulous owners to fake reviews of their own or of their competitor’s business if they wish to do so. It is not necessary for them to employ someone else to do it, though that is an approach taken by some of them.
I’ve never actually spelled out how “bad” owners trick TripAdvisor to post their own reviews, as I don’t want to encourage it. However, another site has recently spilled most of the beans (though it included one critical error!) and TripAdvisor has responded, so perhaps it is time to reveal all.
1. How TripAdvisor currently Catches Fakes
Every time you visit a website, the site logs your IP address (the identity of the computer that you are using at the time) and places HTTP cookies on the computer or other device you’re using to access the Internet.
This means that every time you visit TripAdvisor you leave behind information that reveals where you are, what kind of Internet browser you are using, what size of screen, what pages of the site you visit, and many other details about your computer and your actions. At the same time TripAdvisor places cookies on your computer so that you can be identified when you return to the website.
This is the “hard” information that Tripadvisor uses in its “automated checking procedures” to identify who is posting reviews – and to catch people using multiple (fake) identities.
In addition TripAdvisor relies on “soft” information from users of its website to alert it to “suspicious” reviews. I’ve done this myself and 4 reviews were deleted from a particular property, though the property was never “red-flagged” as a result. I suspect, though cannot be sure, that properties are only “red flagged” where “hard” information is available.
2. How Fake Reviewers avoid being caught
I do not condone or encourage the use of the following information; but if the tricks become widely known perhaps TripAdvisor will verify its reviews properly, instead of dismissing concerns about the loopholes in its security.
1. Download an IP Changer such as Easy-Hide IP or Cyberghost to hide your real IP – there are dozens of products available, some of them free. An alternative to the fake IP address wheeze is to use free WiFi like McDonalds, or to use an Internet café.
2. Obtain an email address using hotmail, yahoo, gmail, or any other free email.
3. Clear cookies from your machine – this varies according to the browser you are using (e.g. Internet Explorer or Firefox or Chrome). It is best to remove only TripAdvisor cookies rather than all cookies as some contain useful information like remembering favourite pages, login IDs on particular sites etc.
4. Go to TripAdvisor (using the IP changer) and create a new TripAdvisor account using the free email address.
5. Post a review.
That’s all that is needed. The faker can now post as many reviews as he wishes under his new identity, BUT ONLY ONE REVIEW FOR ANY PARTICULAR PROPERTY.
3. Posting Multiple reviews for the same property
Anyone who wants to post several fake reviews for the same property has to work a little harder.
To review the same property again they need to cover their previous tracks and create a new identity. So they need another new IP address (NB some of the free IP changers only give one IP to hide behind), a new email address, then they clear TripAdvisor cookies and create another TripAdvisor account using their latest email address. This can be repeated ad infinitum.
4. How cheats further Cover their tracks and Make Fake Reviews Convincing
None of the following are strictly necessary, but here’s how the professional faker or the keen cheater might further cover his trail and make his fake identities and reviews more convincing.
1. They might vary browser between Firefox, Internet Explorer, Chrome and Safari.
2. They can give their identity credibility by posting a reviews about other places over a period of time before posting the review that counts, and vary their star ratings.
3. They don’t draw attention by posting a lot of reviews at once, but spread them over weeks and even months.
4. If posting for the same property more than once, they might try to change writing style and vocabulary e.g. by converting reviews to another language then back into English using Google Translate – only correcting horrible gaffes, not bad grammar. NB Don’t post reviews in a foreign language using Google Translate – appaling translation is how I uncovered the fake reviewer I exposed.
10. Those who create multiple accounts on TripAdvisor must keep a careful record of TA identities and log-ins, plus the associated IP addresses and email addresses.
Further Reading
Here is the recent article on http://www.visionarydining.com/tripadvisor which prompted me to set the record straight; it is Point 4 that is at fault, where it says to clear the Internet CACHE from the computer: it should say clear COOKIES.
Here is TripAdvisor’s response:
“We cannot emphasise enough our concern about this article; the activity it promotes is illegal and is strictly against our terms of use. Whilst the article in question does not condone the fraudulent use of TripAdvisor, it’s extremely disappointing to see anything which diminishes the high levels of integrity and respect for their customers that the vast majority of those working in the hospitality industry maintain.
“We also believe the vast majority of hoteliers understand the tremendous risk to their reputation and their business if they attempt to post fraudulent information on review sites like TripAdvisor. We take serious steps to penalise businesses who are caught attempting to manipulate the system.”
