GoDaddy shutters over 15,000 subdomains linked to online scams
In a major crackdown, popular web hosting service GoDaddy has taken down more than 15,000 subdomains connected to online scams. According to a ZDNet report, fraudsters got hold of these subdomains by fooling their legitimate users, and then used them to trick millions of unsuspecting internet users into buying illegitimate products. Here's more on the subdomains and GoDaddy's crackdown.
Subdomains are parts of a domain that are created as an extension of the main domain name. Website makers mostly use them as memorable, relatable addresses for delivering content; for example, photos.google.com is a subdomain of the main google.com domain. Notably, one can add up to 100 subdomains per domain name.
As ZDNet highlighted, fraudsters employed these 15,000 subdomains as part of a broader spamming operation. They sent out emails promoting fake products to unsuspecting internet users, with links to a malicious subdomain tied to an authentic domain. When users clicked on the link, they would land on the fake page, think it was a legitimate website, and make the purchase.
These malicious subdomains were mostly used to promote and sell healthcare-related products such as brain supplements, CBD oil, weight-loss pills, and dietary products. The scammers also used the names of celebrities like Stephen Hawking, Jennifer Lopez, Gwen Stefani, Blake Shelton, and Wolf Blitzer to make the offers more alluring.
While these subdomains increased malicious activity and fraud on the internet, the owners of the domains they were tied to had no clue whatsoever. It is not exactly clear how the fraudsters got access to the domains, but GoDaddy, on the basis of its internal investigation, believes they carried out phishing or credential-stuffing attacks to get hold of the accounts and register the subdomains.
GoDaddy said 'several hundred' users of its service might have been impacted by this attack but declined to provide an exact figure. The company added that the passwords of compromised accounts have been restored and their owners have been informed so that they can check their websites. Notably, the company was first informed about this issue by Palo Alto Networks' security researcher Jeff White.