GoDaddy, the world’s largest domain name registrar, had to shut down over 15,000 website subdomains. This is because these sites were letting email spammers redirect visitors to their “snake oil” products.

Hackers Broke Into GoDaddy Accounts

You know these sites…the ones advertising brain enhancement pills and miracle weight loss drugs. These 15,000 sites were broken into by spammers who wanted to spread their fake products throughout the Internet. The scheme may have reached millions of consumers.

How Did The Scammers Get Into The GoDaddy Accounts?

According to Jeff White, a security researcher at Palo Alto Networks who has been investigating this for two years, the scammers broke into the GoDaddy accounts so they could send phishing emails to trick people into giving up their passwords.

He believes that the hackers used an automated password-guessing technique called credential stuffing. This is a subset of brute force attack in which hackers automatically try large numbers of credentials to get into secure sites.

Credential stuffing uses username/password pairs to gain access. Once the pairs match an account, the hacker can hijack the site and use it for their criminal purposes.

Why Didn’t The Spam Filters Catch These Fake Emails?

Spam filters typically take care of this. They screen out spam by looking at where a message came from. If the email came from a blacklisted domain, it wouldn’t get through the spam filters.

However, the scammers got past this by breaking into the web hosting accounts on GoDaddy. Then they used these accounts to deliver their spam emails so they wouldn’t be blacklisted. They compromised 15,000 subdomains, used them to send phishing emails, and redirected visitors to their fake products via links in the emails.

Jeff White explains:

“By using unrelated subdomains, they (the scammers) can ‘shadow’ the reputation of the parent site and hopefully skirt under the radar of prevention tools.”
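For a domain owner, one way to spot this kind of shadowing is to compare the DNS records in the account against the hosts the business actually runs. The Python below is an added example, not part of the original article or any GoDaddy tooling; the domain, addresses, and approved lists are constructed placeholders, and it assumes you have exported your zone records as (name, type, value) rows.

```python
import ipaddress

# Constructed sample: a zone export for the placeholder domain example.com.
ZONE = [
    ("www.example.com", "A", "203.0.113.10"),
    ("mail.example.com", "A", "203.0.113.25"),
    ("shop.example.com", "CNAME", "stores.hosting.example.net"),
    ("wnxkqpz.example.com", "A", "198.51.100.77"),
    ("deals.example.com", "CNAME", "lp.unknown.example.org"),
    ("dev.example.com", "A", "203.0.113.40"),
]

# Assumed inventory: hosts you created and the places they may point to.
APPROVED_HOSTS = {"www.example.com", "mail.example.com", "shop.example.com"}
APPROVED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
APPROVED_CNAME_SUFFIXES = (".hosting.example.net",)


def target_is_approved(rtype, value):
    """Return True if an A/AAAA/CNAME record points somewhere you control."""
    if rtype in ("A", "AAAA"):
        addr = ipaddress.ip_address(value)
        return any(addr in net for net in APPROVED_NETS)
    # CNAME: compare the target name against approved provider suffixes.
    return value.rstrip(".").lower().endswith(APPROVED_CNAME_SUFFIXES)


def audit_zone(zone):
    """List records that are not in the inventory or point off-estate."""
    findings = []
    for name, rtype, value in zone:
        if rtype not in ("A", "AAAA", "CNAME"):
            continue  # other record types are not evaluated here
        name = name.rstrip(".").lower()
        known = name in APPROVED_HOSTS
        ok_target = target_is_approved(rtype, value)
        if not known and not ok_target:
            findings.append((name, "unknown host, external target"))
        elif not known:
            findings.append((name, "unknown host, internal target"))
        elif not ok_target:
            findings.append((name, "known host, target changed"))
    return findings


if __name__ == "__main__":
    for host, reason in audit_zone(ZONE):
        print(f"{host}: {reason}")
```

Records flagged as an unknown host with an external target are the ones to investigate first, since they match the pattern White describes: a subdomain nobody in the business created, pointing at infrastructure the business does not run.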

What Would Happen If You Clicked On The Scammer’s Email Link?

You would be sent to a website advertising the scammer’s product. These sites typically contain false endorsements by celebrities like Jennifer Lopez.

It’s not known whether people purchased the products. But White said that some of the links were clicked on an average of 273 times. If you multiply this by the 15,000 domains, then tens of thousands, possibly millions of people, could have come upon the spam.

If you purchased a product, not only would the spammers have your credit card number and personal information, they would also typically state in the fine print that this was a recurring order and that your credit card would be billed until you canceled your subscription.

How Can We Prevent Having Our Domain Taken Over?

GoDaddy advises that you always use multi-factor authentication and strong passwords for all of your accounts to prevent account takeovers.

Multi-Factor Authentication protects against phishing, social engineering, and password brute-force attacks. It secures your logins from attackers who work to exploit your weak credentials.

How Does Multi-Factor Authentication Work?

You’ll be prompted to acknowledge a phone call, email, text message or application notification on your smartphone. It’s up to you to decide which notification type to use. This way, even if a criminal obtains your password, they would also need the code from your smartphone to access your account. Without that code, they would immediately be denied.

This single additional step will significantly boost the security of your account. Network Heroes recommends that all management-level users have Multi-Factor Authentication in place.

How Can We Help Our Employees In Las Vegas Use Strong Passwords?

Creating and using strong passwords can be frustrating, but it’s incredibly important. Privacy and security are major concerns for businesses these days. You must be sure that your employees aren’t making it easy for hackers to access your private data.

One of the best ways to maintain complex passwords is with a password manager. Password managers are the key to keeping your passwords secure. There are a number to choose from.

Do you have more questions? If so, we’re always here to help.
