15,000 sub-domains promoting weight-loss products and other goods promising miraculous results were taken down by US cybersecurity company Palo Alto Networks and web hosting company GoDaddy, after a 2-year investigation targeting millions of consumers.
According to the investigation, the websites sought to persuade consumers into buying products backed by bogus endorsements claiming to be from celebrities including Stephen Hawking, Jennifer Lopez and Gwen Stefani.
The findings showed that fake website domains created a convincing disguise that lured consumers to sites to order bogus products at low costs, hiding in tiny print the fact that failure to cancel recurring payments within a few days would lead to hefty fees from these fraudulent businesses. If consumers did not read the tiny print and cancel their order within a specified number of days, they were sent a “subscription charge” of some sort that did not get cancelled, which represent the majority of profits realized by these fraudulent businesses.
The investigation highlights the complexity and multi-tiered approach of affiliate marketing and sheds light on how there can be deceptive practices employed to scam consumers at every turn of this process.
GoDaddy reviewed the findings and discovered the sites had been pointing to subdomains belonging to customers whose accounts had been compromised using legitimate credentials. The attackers most likely accessed those credentials through phishing scams that tricked customers into releasing passwords and also through credential stuffing, which is when hackers exploit the use of the same passwords to secure multiple accounts by taking login data stolen from one site and using it to access another.
GoDaddy shut down the compromised sub domains in March, prompting affected customers to reset their passwords and notified them that a security action had been taken and recommending that consumers be on guard for similar online scams, particularly when considering purchasing goods promoted through email.
To prevent accounts from being compromised, Palo Alto Networks recommends securing all accounts with unique, strong passwords and implementing two-factor authentication whenever it is offered.