by tyingq 1805 days ago
Poked around on vincerewears.com to see what was there.

There's a widget that pops up periodically that says "Someone in {city}, {country} purchased {product}". It looked a bit fishy, so I poked around the source code.

Sure enough, the faked purchases are in the source code. They don't even bother to load them via XHR to at least give some semblance of legitimacy. Lol.

s = [{ "sn_city": "Pompano Beach", "sn_country": "United States", "sn_discount": null, "sn_first_name": "Erick", "sn_handle": "natu-t-shirt", "sn_img": "https:\/\/cdn.shopify.com\/s\/files\/1\/0283\/5824\/6448\/products\/product-image-1183227221.jpg?v=1600916205", ...

From: https://sales-notification-cdn.makeprosimp.com/v1/published/...
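
The check described in the post above (purchase records sitting as a literal in the script rather than arriving from a backend), as an added example that is not part of the thread: it scans script source text for an embedded JSON array whose objects carry the `sn_city` key quoted in the post. The sample script, the function names and the `example.invalid` URLs are constructed for illustration.

```javascript
// Added example. SAMPLE is constructed; only the sn_* key names come from the post.
const SAMPLE = String.raw`(function(){var s = [{"sn_city":"Springfield","sn_country":"United States","sn_discount":null,"sn_first_name":"Alex","sn_handle":"example-shirt","sn_img":"https:\/\/cdn.example.invalid\/a[1].jpg"},{"sn_city":"Riverton","sn_country":"Canada","sn_discount":null,"sn_first_name":"Sam","sn_handle":"example-mug","sn_img":"https:\/\/cdn.example.invalid\/b.jpg"}];show(s);})();`;

// Return the index just past the bracket that closes the array opened at `start`,
// or -1 if it never closes. Brackets inside double-quoted strings are ignored.
function matchArray(src, start) {
  let depth = 0;
  let inStr = false;
  for (let i = start; i < src.length; i++) {
    const c = src[i];
    if (inStr) {
      if (c === '\\') i++;                 // skip the escaped character
      else if (c === '"') inStr = false;
    } else if (c === '"') inStr = true;
    else if (c === '[' || c === '{') depth++;
    else if ((c === ']' || c === '}') && --depth === 0) return i + 1;
  }
  return -1;
}

// Collect records from every embedded JSON array whose objects all carry `key`.
function findHardcodedNotifications(src, key = 'sn_city') {
  const found = [];
  let pos = 0;
  while ((pos = src.indexOf('[', pos)) !== -1) {
    const end = matchArray(src, pos);
    const text = end === -1 ? '' : src.slice(pos, end);
    if (text.includes(`"${key}"`)) {
      try {
        const arr = JSON.parse(text);
        const isRecord = (o) => o !== null && typeof o === 'object' && key in o;
        if (Array.isArray(arr) && arr.length > 0 && arr.every(isRecord)) {
          found.push(...arr);
          pos = end;                       // resume after the array just consumed
          continue;
        }
      } catch (e) { /* not strict JSON: keep scanning */ }
    }
    pos++;
  }
  return found;
}

console.log(findHardcodedNotifications(SAMPLE)
  .map((r) => `${r.sn_city}, ${r.sn_country}: ${r.sn_handle}`));
```

A non-empty result means the notification records ship inside the script itself; an empty result only means no such literal was found in that file, not that the data is genuine.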

7 comments

Oh. This is our mock data. We must have made a mistake during deployment. /s
Yeah, those real-time notifications of "{User} has done {Action}" always raise my suspicions that the website is a scam.

Since they are almost always on dubious-looking ecommerce sites, or scammy betting or crypto web applications.

Such a scummy thing to do - sadly effective and all too common. Also illegal depending on your legislation.
I think many hotel booking sites do this too, "A user just booked a room!", to entice you to hurry up and close the deal on that "special rate?".
"Booked 2 times for your dates in the last 12 hours"

"1 other person looked for your dates in the last 10 minutes"

Booking.com is the worst.

Yep. That's a very common practice even on "legitimate brands". Easy way to detect those is by turning off the wifi and noticing those messages keep popping up without internet.
Wouldn't it make more sense to send the payload with multiple purchases to JS and show them one by one gradually and then it could show legitimate ones even after turning the internet off? Not that it's happening, but...
These fake notifications are common, even on big retailers. It's the modern version of "if you call within 10 minutes" commercials.
I wonder how people who called within those 10 minutes feel when the same infomercial lasts for two hours.
I'm relatively new to web development but how were you able to get a link to this JavaScript code?

I thought this logic was usually done in the backend and can't be viewed from the front? E.g. right click > view source in Chrome only shows HTML and some frontend JS doesn't it?

Just Chrome dev tools, either the debugger or the network tab. It is front-end code.

Normally, yeah, you wouldn't see individual purchase data in front-end code... that would be backend code returning just JSON/XML/whatever that the browser would consume.

That it's hardcoded in the client is why it's funny and obviously fake data.

Interestingly enough, you'll find more WordPress/Woo plugins that simply mock up data than plugins that use your actual sales.

I always assume these to be fake. Anywhere.