Apr 25, 2019

GoDaddy removes a massive network of bogus sales sites


GoDaddy removed a cluster of more than 15,000 fraudulent website subdomains discovered by a researcher at Palo Alto Networks' Unit 42 threat intelligence team.

Why it matters: The scam, which sold products like weight loss pills, used breached websites to add legitimacy to its sales and relied on fake celebrity endorsements.

Details: Jeff White, the researcher at Unit 42, started researching the network of sites more than 2 years ago when he noticed spam messages that looked visually similar and used similar language.

  • The products were sold on commission as part of an affiliate marketing program and used low initial pricing and tiny print to get people signed up for costly subscriptions.
  • The sales took place on subdomains that hackers had set up on legitimate, hacked GoDaddy websites. If Axios had been hacked, the fake website would have a web address like "hacked.axios.com" rather than "axios.com."
  • The sites used fake endorsements from the hosts of "Shark Tank," Gwen Stefani and others.

What they're saying: "This type of spam is more pernicious than most people think," said Jen Miller-Osborn, deputy director of threat intelligence at Unit 42. "I know when I get one of these emails, I wonder how people can fall for it. But they appeal to desperate people's dreams."
