Here’s an astonishing story that’s also fun to read.
It’s written by a UK journalist and serial hoaxer/bounds checker called Oobah Butler.
Butler has visited Harrods both as a punk (no problems) and as a cybergoth (refused entry) to test the famous department store’s dress code, so he’s no stranger to taking on unlikely challenges just to see what happens.
By Butler’s own admission, he used to make ends meet by writing bogus restaurant reviews on TripAdvisor; he kept tabs on the quality of his work (or, as he puts it, “became obsessed with monitoring the ratings of [the businesses that hired me]”), and realised that these fake reviews were effective and really did boost rankings.
So much for fake reviews to promote real restaurants: Butler decided to try something more audacious, namely a completely fake restaurant.
Or, as he more wittily puts it, “[w]ith the help of fake reviews, mystique and nonsense, I was going to do it: turn my shed into London’s top-rated restaurant on TripAdvisor.”
The glorious part of it is that Butler didn’t rip anyone off; didn’t take money under false pretences; didn’t actually open a restaurant; didn’t accept bookings and then let people down; didn’t really do anything except to keep on insisting that he had a restaurant, assuring everyone it was excellent, and allowing TripAdvisor to amplify his story.
Butler never took on a single customer – he simply told callers he was booked out for weeks ahead, which apparently only served to boost both the mystique and the desirability of his establishment.
(The “shed”, in case you are wondering, is actually where he lives – it’s designed to be lived in, and looks rather nice, actually, but it’s definitely a shed.)
It took more than six months of fakery before TripAdvisor checked up on Butler, sending him an email on 1 November 2017 entitled “Information Request”.
Expecting he’d been busted, and having reached no higher than #30 on the charts, he assumed he’d failed in his quest…
…but when he opened the email he realised that self-congratulation was in order – he’d made it to #1:
Butler’s own article continues most entertainingly as he “closes” his “establishment” – keen observers of the social scene should definitely read Butler’s iconoclastic tale! – but for us, we’re at the point where we draw security conclusions.
As fellow Naked Security writer Mark Stockley put it:
It’s a cautionary tale about placing too much faith in online reviews, something that (rightly or wrongly) people use to seek assurance that things are what they say. This is what you might call “using computers for security” rather than “computer security”. In this case it was a non-restaurant, but it could just as easily be a site that assures you that, “Yes, this person you’re inviting into your home is indeed a legitimate plumber with a long list of satisfied customers, rather than a crook who’s going to take your credit cards on a long tour of the local shops.
The way Butler set things up, he could easily have taken “deposits” for his quirky, luxury meals. With bookings months in advance he had a long window of opportunity to milk customers if he’d wanted to. He also ended up with a web property that passed the reputation test, where he could have advertised or promoted other scams from a position of apparent trust and reliability.
What to do?
Dealing with fake reviews is a tricky problem because there’s no easy technological solution once they’ve been approved and published: the judgement is entirely up to you, and that’s how reviews are supposed to work, anyway.
Here at Naked Security, we discussed “what to do” at some length, and Mark Stockley came up with an interesting twist on the issue – he suggests a simple and objective approach whereby you rate online reviews as no more valuable than the amount you’re prepared to lose:
Prepared to lose the cost of dinner? Not being asked for credit card details up front? OK, then look only at the reviews; they’re probably OK and if you’re wrong you’ve lost a few pounds. Prepared to lose the cost of a plumbing job, or to risk the theft of personal property or information right from your house? No? Then crank up the suspicion, try to meet in person in advance, ask for references, speak to the last customer yourself.
If you aren’t sure, ask a friend for advice.
And make that a friend in the old-school sense of someone you know, like, and trust – importantly, someone you have actually met.
Butler’s restaurant didn’t exist, so it wouldn’t have been possible for you, or any of your friends, to have eaten there for real.
Source : Naked Security