GoDaddy has been active on the domain market since 1997. Last year the company had more than 18 million clients and managed more than 77 million domain names.
Recently, GoDaddy deleted more than 15,000 subdomains that were used by scammers.
The criminal activity was discovered by Palo Alto Networks.
Scammers were using a very old method that has been around for years: phishing. Some users received emails promoting pharmaceutical products. Once they clicked the link in the email, they were redirected to these subdomains hosted by GoDaddy. The websites were legitimate, but their owners were not aware that illegal activity was happening on their websites.
All these emails had something in common: they all “sold” products that appeared to be promoted by celebrities, and the celebrity names the scammers used were Stephen Hawking, Blake Shelton, Gwen Stefani or Jennifer Lopez.
Most products promoted by these subdomains were pharmaceutical products, diet pills or diet products.
How the operation worked
The investigation was complex and took two years. GoDaddy also launched an investigation into this issue and concluded that the scammers used phishing attacks to gain access to GoDaddy user accounts.
Once the scammers had access to GoDaddy accounts, they created subdomains under the legitimate websites' domains. They used them to host promotional websites with the purpose of convincing users to buy the products.
GoDaddy says that a few hundred user accounts were affected. GoDaddy deleted more than 15,000 subdomains, and the passwords of the compromised accounts were reset.
The traffic on the subdomains used by scammers was huge and some estimates say that these subdomains received more than 1 million hits.
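For a domain owner, the practical check against subdomains created through a compromised registrar account is to compare the live zone with what is supposed to be there. The script below is an added example, not code from GoDaddy or Palo Alto Networks; the zone export, the host inventory and the owned network range are constructed, hypothetical values, and the export is assumed to use the common `name TTL IN type value` layout.

```python
import ipaddress

# Constructed sample zone export (documentation-only names and addresses).
ZONE_EXPORT = """\
example.test.            3600 IN A     192.0.2.10
www.example.test.        3600 IN A     192.0.2.10
mail.example.test.       3600 IN A     192.0.2.25
shop.example.test.       3600 IN CNAME www.example.test.
offer.example.test.       600 IN A     203.0.113.77   ; not created by the owner
promo-a9f.example.test.   600 IN A     203.0.113.78   ; not created by the owner
"""

# Hypothetical inventory: hostnames the owner knowingly created.
EXPECTED_HOSTS = {"example.test", "www.example.test",
                  "mail.example.test", "shop.example.test"}
# Hypothetical list of networks where the owner's servers live.
OWNED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_zone(text):
    """Return (name, type, value) tuples from 'name TTL IN type value' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, split columns
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue                              # skip blanks and other layouts
        name, rtype, value = fields[0], fields[3].upper(), fields[4]
        records.append((name.rstrip(".").lower(), rtype, value.rstrip(".").lower()))
    return records


def audit(records, expected_hosts, owned_networks):
    """Flag records the owner cannot account for, with the reason(s)."""
    findings = []
    for name, rtype, value in records:
        reasons = []
        if name not in expected_hosts:
            reasons.append("hostname not in inventory")
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in owned_networks):
                reasons.append("address outside owned networks")
        if reasons:
            findings.append((name, rtype, value, reasons))
    return findings


if __name__ == "__main__":
    for name, rtype, value, reasons in audit(parse_zone(ZONE_EXPORT),
                                             EXPECTED_HOSTS, OWNED_NETWORKS):
        print(f"REVIEW {name} {rtype} {value}: {', '.join(reasons)}")
```

Run on a schedule against a fresh export, this surfaces new subdomains soon after they appear rather than when a takedown notice arrives.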