Spam sites hosted via web registries are exploited in pay-per-click fraud

January 4, 2022

Our security experts at iZOOlogic have recently noticed multiple spam sites, registered through Alibaba Registrar/Webhost, Cloudflare Webhost, and the .CN or .TOP registries, that threat actors created to conduct fraud by targeting our clients and using their brand names and logos.

Threat actors use the spam sites to offer prizes, such as large cash sums or gift cards, to victims who answer a provided survey form and share the link on different messaging platforms. The spam sites are typically reached through a shortened main or source URL, so victims do not get suspicious. Upon clicking the source URL, they are redirected to different domains in a pay-per-click scheme.

Alibaba is a Chinese technology firm specialising in retail, tech, internet, and e-commerce. The firm's registrar/Webhost is exploited by threat actors because its policy is to notify site owners – in this case, iZOOlogic's customers – to remove the fraudulent activity rather than suspend the fake domain entirely, even when security researchers deliver concrete evidence in an abuse report.

Furthermore, based on observed cases and incidents, iZOOlogic security experts also noticed that, according to Cloudflare's response, Google is the web host most commonly exploited by threat actors. It is easier and more efficient for threat actors to establish fraud sites hosted on Google.

Threat actors use the spam sites to profit from unsuspecting users' clicks as part of fraudulent "pay-per-click" schemes.

Pay-per-click is a type of advertising wherein website owners who post ads gain money based on how many visitors click on the posted ads or how many clicks an ad receives per visitor.

The shortened main or source URL normally redirects victims through about 5 to 10 spam sites that target financial institutions, healthcare institutions, and e-commerce firms. The threat actors earn a certain amount of money based on the number of clicks made by a victim who has visited or been redirected to the spoofed websites.
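The redirect pattern described above can be looked for in web-proxy logs. The following is an added example, not iZOOlogic's code: it rebuilds each client's redirect chain and reports chains that pass through five or more hosts and also touch a .CN/.TOP host or a host containing a protected brand keyword. The log format, host names and the brand keyword are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy records (not real traffic): client, URL, status, Location.
SAMPLE_LOG = """\
10.0.0.5 https://short.example/a1 302 http://constructed-hop1.top/start
10.0.0.5 http://constructed-hop1.top/start 302 http://examplebank-hop2.cn/s
10.0.0.5 http://examplebank-hop2.cn/s 302 http://constructed-hop3.top/q
10.0.0.5 http://constructed-hop3.top/q 302 http://constructed-hop4.cn/ad
10.0.0.5 http://constructed-hop4.cn/ad 302 http://constructed-hop5.top/end
10.0.0.5 http://constructed-hop5.top/end 200 -
10.0.0.9 https://short.example/b2 301 https://news.example.org/story
10.0.0.9 https://news.example.org/story 200 -
"""
WATCHED_TLDS = {"cn", "top"}  # registries named in the article
MIN_HOSTS = 5                 # article: "about 5 to 10 spam sites"
BRANDS = {"examplebank"}      # assumption: protected brand keywords

def parse(log):
    """Return {(client, url): Location} for every 3xx record."""
    rows = (line.split() for line in log.splitlines())
    return {(c, u): t for c, u, s, t in rows if s.startswith("3") and t != "-"}

def follow(hops, client, start, limit=20):
    """Walk one client's redirects; stop on a loop or after `limit` URLs."""
    chain = [start]
    while len(chain) < limit:
        nxt = hops.get((client, chain[-1]))
        if nxt is None or nxt in chain:
            break
        chain.append(nxt)
    return chain

def assess(chain):
    """Name the traits a chain shares with the scheme described above."""
    hosts = {urlsplit(u).hostname or "" for u in chain[1:]}  # after entry link
    checks = {
        "long_chain": len(hosts) >= MIN_HOSTS,
        "watched_tld": any(h.rsplit(".", 1)[-1] in WATCHED_TLDS for h in hosts),
        "brand_in_host": any(b in h for h in hosts for b in BRANDS),
    }
    return [name for name, hit in checks.items() if hit]

def suspicious_chains(log):
    """Report entry URLs whose chain is long and shows one more trait."""
    hops = parse(log)
    landed = {(c, t) for (c, _), t in hops.items()}  # reached via a redirect
    found = {u: assess(follow(hops, c, u)) for c, u in hops.keys() - landed}
    return {u: t for u, t in found.items() if "long_chain" in t and len(t) > 1}
```

The entry URLs it reports, together with the full chain, are the evidence an abuse report to the registrar or web host would cite.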

The issue is made even more difficult for the affected victims because the investigation process of Alibaba and the Google Abuse team requires a longer mitigation period to review the filed abuse reports. The longer the problem takes to fix, the longer the spam sites remain exposed on the public internet.

We at iZOOlogic protect our clients' public digital assets and surface from cyberattacks; hence our utmost concern is that issues like these, which affect our clients' business operations, be mitigated quickly by the other firms involved.
