My Hacked Website Costs You Money and No One Cares

Every day of every week we collect evidence of legitimate websites that have been hacked by criminals, or malicious domains created by criminals who are trying to make money by scamming you, the public.  Using malicious or legitimate but hacked websites, the hackers make money in a lot of different ways including…

 

  • Selling counterfeit products through the hacked site… Prada handbags, Oakley sunglasses, or bogus prescription medications
  • Creating phishing pages disguised to look like a bank, credit card or other business such as Apple or Amazon.  These pages look like the real business and capture login credentials along with lots of other personal information when the unsuspecting victim is tricked into logging in through the phishing site
  • Setting a trap for malware (malicious software) to be installed on the unsuspecting victim’s computer.  Malware can cause an infection capable of stealing personal information,  or taking control of the victim’s personal computer, or search for banking information, or capture passwords. Software can even be installed that can turn your computer into a spambot spewing out spam email by the thousands for the hacker.

 

The fact is that there are so many different types of malware through which a hacker can make money that we could write a book about it.  You may have heard about some types of malware like Keyloggers that will capture everything typed on a keyboard like your bank login name and password, Ransomware (also called Extortionware) that will lock up your computer’s files so that you can only open them if you purchase an encryption key from the criminals for $300 – $600. (This is the price range lately.)  Or the hacker may use your personal computer in his army of thousands of computers to extort money from online businesses.  The network of hacked computers is called a botnet and the criminal administrator is the botherder.  The botnet is used as a weapon to interfere with a company’s online commerce… unless the business owner pays extortion money to the botherder.  Crazy, right?  But effective.

Look at what a recent Apple account phishing scam asked for from victims along with their Apple login credentials:

Full name                                           Security questions and answers
Full address                                       Date of birth
Credit card information                   Mobile phone number
Social security number

Phishing Email

Phishing Email
Phishing website

Phishing website
Information phished 1

Information phished 1
Information phished 2

Information phished 2

It’s all a bit scary. Think “wild, wild, west” scary. And where is the town sheriff? Unfortunately, our local city and state police forces are not designed to deal with this type of crime very well. And even if they were willing to help, they have very few resources to direct against this cross-border, multinational cyber-crime. After all, most of these crimes are perpetrated by criminal gangs from other countries who can easily reach across the world through the Internet. So we turn to the FBI because they are tasked with protecting us from International crime, right? While this is true, the FBI is understandably focused on preventing the next terrorist attack, investigating the drug cartels, or other major crimes involving millions of dollars. They are focused on the jaw-dropping cyber-breaches and hacks that have hit companies like Sony, Target, Home Depot and Anthem Health Insurance in which personal information on millions of Americans was stolen. For a list of many of the known hacked companies of 2014 and 2015, visit:

http://www.heritage.org/research/reports/2014/10/cyber-attacks-on-us-companies-in-2014

http://time.com/money/3528487/data-breach-identity-theft-jp-morgan-kmart-staples/

Late in 2014, TheDailyScam.com’s (TDS) Content Director Doug Fodeman called the FBI to report a sophisticated advance-fee scam in progress. He was hoping they would take it over and engage the scammer to try to track and capture the criminal.  However, the FBI told him to “go online and file a complaint” which he did.  He’s still waiting for any follow up.  To read more about this scam, visit:   http://www.thedailyscam.com/nanny-scam-targets-care-com/

Given the overwhelming demands on the FBI, should we really expect them to help a citizen or business who just lost a few hundred or few thousand dollars to a criminal somewhere across the world? Can we expect them to help someone who just had his or her information stolen in a phishing scam?

Earlier this month, a father contacted TDS to report a scam that cost his teenage daughter $250.  His daughter was contacted through her Care.com profile to be a babysitter for someone  who said they were moving from Australia to Oklahoma. The daughter was sent a check for $2,750 in advance.  She was then instructed to wire $250 of this money by Western Union to a man in Nigeria for art work purchased for the apartment by the new owners arriving from Australia.  (We can see so many of you readers shaking your head. Sooooo many red flags here. But remember, she’s a teen with a good heart and a trusting soul. Her father said that she was naïve.) The daughter was also supposed to withdraw her first weeks salary. Of course, they learned that the check was fraudulent and bounced only after wiring $250 real dollars from her bank account to Nigeria.  Is there no one who can help them?

What about the Department of Homeland Security (DHS)? It is their mission to “secure the nation from the many threats we face” including cyber-security. (http://www.dhs.gov/es/combat-cyber-crime)  However, while DHS.gov does have a web page and instructions to report cybercrimes (http://www.dhs.gov/how-do-i/report-cyber-incidents  and https://www.dhs.gov/publication/law-enforcement-cyber-incident-reporting-documents), the web page is terribly cumbersome and discouraging to use.  Unless you are reporting evidence of the next big terrorist attack or something along those lines, our sense is that your plea will go unnoticed.  DHS has got their hands pretty full.

 

So what can we do for help against cyber-crimes that are increasingly targeting us, our families and friends every day like some criminal tsunami across social media, email, texts, smartphone apps and into our digital lives? There is only one option left… Cyber-citizens should be reporting the criminal hackers and domain abusers to the companies responsible for leasing the bad guys their domain names, hosting their websites, and offering naming/navigating or proxy services to the scammers.  Or at the very least we should be able to ask these companies to shut down the scams by reporting the problems, right?

 

Sadly, the service providers that are used or misused by criminal gangs seem to show little care or concern for John Q. Public. And apparently, they don’t have to care.  One case in point… TDS recently received a report of comment spam that targeted a school’s website.  The spam tried to direct people to websites that were being used to sell counterfeit products like Prada bags, Oakley sunglasses, and Ugg boots.  The spam included dozens of links to these products and the majority of these links were hosted by legitimate businesses whose web servers had been hacked and misused.  Some of the hacked sites also contained malware waiting to infect a visitor’s computer. (The presence of malware was confirmed using the Zulu URL Risk Analyzer.)

Below is a small sampling of a few of the counterfeit links.  They have been modified to protect our readers against accidental clicks.  Do not try to visit these sites as some may still be active and malicious.

 

htp://www.dellsboats.com/DONOTCLICK/louis-vuitton-handbags/louis-vuitton-louis-vuitton-checker-bag-sale21.asp

htp://www.worldcupweb.com/DONOTCLICK/WCrugby/louis-vuitton-handbags/louis-vuitton-louis-vuitton-damier-organizer-sale30.asp

htp://positivesafetymfg.com//DONOTCLICK/canada-goose-pas-cher/Canada-goose-kensington-canada-goose-parka-toronto-weather-sale534.htm

htp://colespoint.com/DONOTCLICK/images/prada-bag-replica-china/Prada-latest-prada-handbags-2014-p61.htm

htp://relixfishing.com/DONOTCLICK/Images/karen-millen/Karen-Millen-karen-millen-puffa-coat-sale09.htm

htp://advancedmotortech.com/DONOTCLICK/pdf/louis-vuitton-handbags/lv-Louis-Vuitton-Porte-Documents-Voyage-Cuir-Taurillon-M56003-sale257.html

htp://www.partsgroup.com/DONOTCLICK/louis-vuitton/Louis-vuitton-Louis-Vuitton-Pont-Neuf-PM-Epi-Leather-M5907N-usa14.htm

htp://www.acsconcept.com/DONOTCLICK/images/louis-vuitton-bags/lv-Louis-Vuitton-Monogram-Vernis-Business-Card-Holder-Wallet-M91409-sale096.html

htp://waltbenecki.com//DONOTCLICK/karen-millen/Karen-Millen-karen-millen-buy-sale33.htm

 

TheDailyScam tried to help by sending out emails to the website owners, the hosting services and domain name services it found using an online tool called a WHOIS to determine ownership of the website, name of the company hosting the website and name of the service that had leased the domain name to the owner.  Here is a sample email:

Yesterday evening a school in Massachusetts received a “comment spam” with a link to “louis vuitton handbags” for sale and the link leads to files on the acsconcept.com webserver.  Please notify your webmaster and hosting service with this information and do not click the link below as it may also be hosting malicious software.

The links to your server are:

htp://www.acsconcept.com/images/louis-vuitton-bags/lv-Louis-Vuitton-Meteor-Sneaker-Boot-In-Denim-Canvas-YRQPDN-sale9.html

htp://www.acsconcept.com/images/louis-vuitton-bags/lv-Louis-Vuitton-Monogram-Vernis-Business-Card-Holder-Wallet-M1409-sale6.html

I strongly suggest that you also change your website’s passwords to better prevent a return of the hackers and update any WordPress software if your website is a WordPress site.  We have information on creating strong passwords and how to protect your WordPress website on our website called TheDailyScam.com.

     http://thedailyscam.com/creating-strong-passwords

     http://thedailyscam.com/how-to-protect-your-wordpress-website/

 

Sadly, most of the emails we sent resulted in a canned response asking us to jump through more reporting hoops, such as this one…

5-Response from Network Solutions

Or  the tech support at the hosting company told us that the link we sent them could no longer be found, such as this response from Network Solutions when we reported on the hackeded domain ACSConcept.com:

 

Thank you for contacting Network Solutions Abuse Department.  We are committed to assisting people in taking action against malicious activity. Please be advised that the URL provided is not resolving.

Thanks
Fraud and Abuse Escalation Agent
12808 Gran Bay Parkway, West  |  Jacksonville, FL 32258
Office: 404-260-2594

 

ACSConcept.com

ACSConcept.com

What makes this last response so disappointing is that we had no problem reaching the domain (see the screenshot to the right) even days after we received their response.  The fact that the particular malicious link we showed them doesn’t display some bogus Louis Vuitton products simply means the scammers have deleted the page.  But the scammers still have control of the website and are misusing it!

The very disappointing responses we received from the many service providers had us wondering what responsibility they feel for keeping all of us safe from Internet fraud and criminal gangs with malicious intent to harm us.  We’re sure that if we called them and asked them they would tell us that they care deeply about our safety and are doing everything they can to keep the bad guys from misusing their services to harm us.  But are they really?

 

Wouldn’t you think that if someone opened an AOL or Gmail email account with the username WesternUnion@aol.com or WesternUnionPaymentOffice115@Gmail.com it would set off alarms that these accounts need to be investigated?  Well, apparently they don’t.  Check out the beginning of this Advance-fee (Nigerian 419) scam from a recent email. This very long email goes on to say that your $800,000 will be released in installments after paying an “unpaid endorsement and daily activation fee” of $89.  Yeah, right.

7-WesternUnion scam

Or what about that Apple phishing scam we showed you at the top of this story?  The scammers registered the domain “AppleiVerify.com.”  Don’t you think the company that leased this domain to the scammers would wonder about Apple Comptuer copyright infringement?  Wouldn’t they be suspicious as to what this site might be and check it out so people don’t get phished?  No, they don’t care.  They make money when the criminals purchase their services.  They don’t make money when they have to clean up the mess or spend time investigating threats and hacks.

 

So what is our point to this story?  The point is that the entire system is seriously broken and no one seems to care.  If my website gets hacked and the hackers make money by scamming you, no one seems to care or be able to do anything about it.

 

By the way, that WesternUnion@aol.com  email above was sent from the domain “gov.bd.”  It’s a government email server in Bangladesh in Asia, near India.  Criminals have never found it so easy to reach across the world into our pockets.