My new Angular book is not out yet, but is already a scam ASP.NET Core 3 and Angular 9 book won't be available until February 11th, but you can already get robbed while trying to download it

Il mio nuovo libro su Angular non è ancora uscito, ma è già uno scam

Writing a programming book is a task that almost always proves to be much more difficult than expected, especially when dealing with mutable and unpredictable frameworks such as ASP.NET Core and Angular. Once again we had to wait for the release of the latest “final” version of Angular, just as already happened in 2017 with my previous book: Angular 5.0.0 version, initially scheduled for September 18th, was postponed for over a month ( October 23th) and then released on November 2 after no less than nine release candidates.

After that experience we all thought we couldn’t experience anything worse, but we were wrong: the latest major release of Angular experienced a delay of over two months (from December to February) and was further delayed by fourteen release candidates, thus arguably being a world record of some sort.

Luckily enough, the wait is finally over: on the night between 6th and 7th February 2020, just over 24 hours ago, Angular version 9.0.0 was released on GitHub, thus allowing me to finish the book in due time and the publisher – Packt Publishing – to honor the expected release date, which had been set to February 11th.

My new Angular book is not out yet, but is already a scam

Now that the expected schedule has been successfully met, I would like to spend a couple words – well, maybe a bit more than that – to tell you about a rather odd experience I had this afternoon while surfing the web. Truth to be told, there’s a high chance that you’ve heard similar stories already: however, I personally think that such kind of fun facts never gets old enough; other than being hilarious, they can also greatly help to understand how the web that we’re browsing nowadays actually works.

So, while issuing some search queries on Google to calculate the SERP indexing level reached by the sites that had the book available for preorder, I came across this strange twitter post:

My new Angular book is not out yet, but is already a scam

There was no mistake there: the post was clearly mentioning my book, with matching ISIN, name, author and description; and it was also telling me to download it for free (in e-book format) my clicking on an unidentified link. Such truly incredible opportunity could be seized since February 4th, judging by the tweet’s time stamp: 7 days before the book’s planned release date, and – most importantly – 2 days before I’ve actually finished writing it (!)

The twitter profile was just like you might expect from a fake account: owned by Christine H. McAndrews, a cute girl with zero followers, registered in January 2020, and only tweeting about forthcoming books and how to download them. Needless to say, each and every link was pointing to the same website.

My new Angular book is not out yet, but is already a scam

Given such intriguing scenario, I couldn’t avoid taking a look to the website itself!

DISCLAIMER: do *not* try this at home, unless you know what you’re doing: most scam websites might be harmful, especially if you use insecure and/or non updated browsers.

Eventually, I landed on a blatant scam page who looked just like a bulletin board system, where some (fake) users were enthusiastically talking about my book:

My new Angular book is not out yet, but is already a scam

The page worked in a rather fun way that deserves a couple words: it was programmed to “dynamically” fill a series of placeholders with the book info (name, author, and so on) brought by the URL GET parameters: those placeholders were scattered within the page, thus trying to emulate a plausible “thread” of enthusiasts who were talking about the book.

Such neat mechanic allows “Christine”, who’s obviously an automatic tweet-bot, to spam the same URL in her posts, filling the GET parameters with the metadata taken from the upcoming books she wants to “promote”; a great bait for any unwary twitter (or google) user looking to download them at no cost.

(side note: the GET parameters also included the image URL for the book cover hosted on Amazon; unfortunately,  the fake page doesn’t seem to have properly implemented it, since it’s not showing anywhere).

The fake thread developed by the page portrays a rather predictable scene, typical of online scams. The opening message is written by a user which is desperately looking for the book because he/she can’t find it anywhere; a (fake) user responds to the request, suggesting a link to a “free e-book download” service (the actual scam website):

My new Angular book is not out yet, but is already a scam

The scam attempt continues by staging the typical gimmick of the doubt dispelled by the denial, a trivial social engineering trick to win the trust of the potential victim and push her to perform a potentially risky call-to-action: the (fake) opening poster replies objecting that that site asks for a credit card …

My new Angular book is not out yet, but is already a scam

… but is immediately reassured by another (fake) user who confirms the authenticity and reliability of the service: “don’t worry, it’s all trusted: just put the card in and proceed with the download!”

My new Angular book is not out yet, but is already a scam

The trust level is further raised by the original (fake) user , who confirms that everything went really well; the credit card was just a way to check it was a real user, just like a CAPTCHA: now everything makes sense!

My new Angular book is not out yet, but is already a scam

The scene ends with another couple of users who confirm the authenticity of the site and praise the characteristics of the service: the scam is served.

My new Angular book is not out yet, but is already a scam

In the unlikely case you want to take a look at the “scam forum thread” page, you can access it by copying the following URLand pasting it in your browser’s address bar:

  • https://toositego.ml/az.php?q=ASP.NET+Core+3+and+Angular+9+-+Third+Edition+-+Valerio+De+Sanctis&i=https://m.media-amazon.com/images/I/61kIIUNGgLL._AC_UY327_FMwebp_QL65_.jpg

Needless to say, you should only do that if you know what you’re doing: although the page currently doesn’t host malicious scripts, nothing prevents the administrators (aka the scammers) from change such behavior in the near future; however, the real threat is inside the suggested “download link” that appears within the thread: be sure to not visit it, let alone enter your credit card or any other data anywhere.

Conclusion

I must honestly say that this scam really surprised me: I was aware of similar tricks, but seeing my name (and book) inside that fake thread was rather awkward.

If you want to take a look at the ASP.NET Core 3 and Angular 9 book without scam pages, remember that you can do it for free by taking advantage of the PDF previews available on Amazon and on the publisher’s websites at the following URLs:

I hope you’ll enjoy the book at least as much as this story!

Se vuoi saperne di più su .NET Core e Angular, dai un'occhiata al libro ASP.NET Core 3 and Angular 9, disponibile in formato cartaceo ed e-book.

 

About Ryan

IT Project Manager, Web Interface Architect and Lead Developer for many high-traffic web sites & services hosted in Italy and Europe. Since 2010 it's also a lead designer for many App and games for Android, iOS and Windows Phone mobile devices for a number of italian companies. Microsoft MVP for Development Technologies since 2018.

View all posts by Ryan

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.