A research team found that thousands of websites were tricking users into entering credit card information by spoofing trustworthy sites.
Spam has become an indelible part of our daily lives on the internet, and many people have outfitted their devices with ad-blockers or programs that they hope will keep them safe from deceptive or malicious marketing campaigns.
But after nearly two years of research and investigation, Jeff White of the Palo Alto Networks threat intelligence team has uncovered a sprawling network of spam campaigns that prey on people's insecurities while spoofing websites or celebrities you would ordinarily trust.
"It describes how victims are targeted with spam containing shortened links that direct them to websites on compromised accounts that forward them to sites offering products promising miraculous results," White wrote.
"These efforts allowed us to map out thousands of compromised servers and abused domains and hundreds of compromised accounts, resulting in a collaborative effort with GoDaddy to take down over 15,000 subdomains being used across these campaigns."
White and his team released a lengthy, 35-page report on Friday detailing their efforts to uncover an entire industry dedicated to tricking people into clicking on malicious links, taking them down a seemingly never-ending rabbit hole of fake websites before ending at a landing page that encourages users to input credit card information.
It was easy for White to separate out the bad actors from the companies simply using a mechanism called "affiliate marketing," which allows businesses to pay companies to increase traffic to certain websites. But the issue became much more complicated when he realized that some of these companies knew about, and even sanctioned, this kind of spam activity.
"In the affiliate marketing community, these types of fake endorsement sites are called 'presells' and 'farticles' (yes, farticles...fake articles). The page's intent is clear — get someone to believe the products may actually work if a celebrity endorses it. That's a tactic as old as advertising itself. You'll also find these exact pre-sells being offered to affiliates by the affiliate networks and merchants," White wrote.
The most sinister aspects of what the Palo Alto team discovered were how easy it was to mirror websites like TMZ or Good Morning America and the fact that many of the practices used in these kinds of scams are either not illegal or nearly impossible to prosecute.
"They are paid by merchants to push traffic, however they can, to these deceptive websites. It's possible, based on the parameters in use on the landing pages, for the merchant handling these services to track back this illegal activity to their affiliates they are paying and put a stop to it. But more often than not, the merchants themselves are providing the affiliates with the fake celebrity endorsement templates and are just as unscrupulous as the affiliates," he said in the report.
When White was finally able to drill down to the core of the issue and figure out the main players behind these schemes, he was alarmed to discover that the people behind these fake websites were in fact registered companies.
"I've since learned that one of the driving factors that these affiliate marketers have in incorporating their businesses is so they, the individual, cannot be held personally liable when people start going after them for fraud and the like."
He noted that as far back as 2009, both Dr. Oz and Oprah — two of the main figures seen in these fake ads for weight loss pills and the like — filed a lawsuit against hundreds of these affiliates using many of the same types of deceptive celebrity endorsement pages. In 2014, the FTC was forced to address this issue head-on due to hundreds of lawsuits against these companies, but it has been largely unable to address the issue, even now.
White and his team took everything they found to GoDaddy's Threat Intelligence team, which removed more than 15,000 subdomains containing these kinds of scams. But they note at the end of their report that these types of nefarious schemes are now pervasive and will only increase due to the massive amounts of money that can be made from them.
"They know that due to the anonymous nature of the Internet, the difficulty that the U.S. Government has faced when trying to prosecute these crimes, and how easy it has become to blend into the everyday background noise, there appears to be little risk to them for continuing with these scams," White noted in the report.