5x on dining you tell me? Hell yeah! But wait.. why is the email you sent me a giant image that hyperlinks to the application?
I’ve recently noticed a bunch of scam like emails coming through, and initially thought that they were phishing scams. In the interest of journalism I clicked the link, and discovered it was an affiliate spam gig instead. The link never actually loaded, but it has all the components of affiliate tracking, though you have to strip off the shortcode first (by clicking it…) note I don’t recommend clicking such links as they can get you right into malware and other things.
Anatomy of an affiliate link
Not all links are the same, but this pattern is quite common. 1 or more component is used to track the source of the link, and therefore attribute the revenue to the right person. This link had 3 components, this is often used to identify different things such as:
- Channel (what global account is linked on the Vendor side, eg Chase)
- End user (who is pimping the card)
- Campaign/Offer (many banks offer the same card with different versions of an offer to see who bites, eg 40K vs 50K CSP offers)
This gig is one of several things, you buy a list of emails and:
- Send them genuine affiliate links to profit from the kickback.
- Send them a trojan horse and under the guise of a credit card offer, do something nefarious like install malware
- A combination of the above.
One thing I’ve noticed from the people who seek points and miles is that they are often happy to send out applications for things to test them out, and break into the next big thing. Additionally, they are happy to use their SSN to apply for things because they know it rebounds nicely.. so this might well make churners/gamers of the system more receptive to such spam/phishing techniques, or signing up for cash back portals that have little to no track record.
Be careful out there – and don’t click all image emails!